Supply Chain Attack Compromises 42 TanStack Packages via npm
Severity: High (Score: 72.0)
Sources: www.heise.de, Gigazine
Summary
On May 11, 2026, a supply chain attack targeted TanStack, affecting 42 npm packages with 84 malicious versions containing credential-stealing malware. The compromised packages included popular libraries used in JavaScript and React development. An external researcher identified the malicious packages within 20 minutes of their release, prompting TanStack to deprecate the affected versions and request their removal from npm. Users are advised to rotate credentials for services like GitHub, AWS, and SSH, as the malware can steal sensitive information. The attack is part of a broader campaign dubbed 'Mini Shai-Hulud,' which has also targeted other npm and PyPI packages. Security firm Socket provided recommendations for developers to mitigate the risks associated with the attack. The full list of affected packages is available in the GitHub Security Advisory.
Key Points:
- 42 TanStack npm packages were compromised with malware containing credential stealers.
- Users are urged to rotate credentials for multiple services due to potential exposure.
- The attack is linked to a broader campaign known as 'Mini Shai-Hulud' targeting popular package managers.
Key Entities
- TeamPCP (apt_group)
- Supply Chain Attack (attack_type)
- Mini Shai-Hulud (malware)
- TanStack (company)
- AWS (company)
- T1195 - Supply Chain Compromise (mitre_attack)
- GCP (platform)
- GitHub (platform)
- PyPI (platform)
- Npm (tool)
- SSH (tool)