
TanStack Considers Invitation-Only Pull Requests After Supply Chain Attack

Severity: High (Score: 67.5)

Sources: Theregister, Devclass

Published: 2026-05-19 · Updated: 2026-05-20

Keywords: tanstack, weighs, invitation, shai-hulud, worm, exploited, github

Severity indicators: worm

Summary

The TanStack team is evaluating security measures following a supply chain attack that exploited a GitHub Actions misconfiguration. The Shai-Hulud worm, used by TeamPCP, triggered a pull request that executed malicious code, poisoning a shared cache across the repository. In response, TanStack has removed the vulnerable pull_request_target feature from its CI pipeline and implemented several security enhancements, including disabling caches and pinning actions to commit SHA hashes. A drastic proposal under consideration is making pull requests by invitation only, a significant shift from the open-source model. While this could enhance security, it may deter contributions from the community. The team emphasizes that they will not transition to a closed-source model but may require discussions before PR submissions. The incident highlights broader concerns regarding supply chain security and GitHub's role in cache management.

Key Points:

  • TanStack is considering invitation-only pull requests after a supply chain attack.
  • The Shai-Hulud worm exploited GitHub Actions, leading to a cache poisoning incident.
  • TanStack has implemented multiple security measures to mitigate future risks.

Detailed Analysis

**Impact**

The breach affected the TanStack open source project, potentially compromising all users and downstream projects relying on its repository. The attack poisoned a shared cache across the entire repository, risking the integrity of builds and deployments that depend on TanStack components. No specific sectors, geographies, or numbers of affected users were provided. The incident threatens supply chain security and could disrupt development workflows for maintainers and contributors globally.

**Technical Details**

The attack exploited a misconfiguration in GitHub Actions, specifically the use of the pull_request_target feature, which allowed malicious code from the Shai-Hulud worm (developed by TeamPCP) to execute and poison a shared cache. The worm extracts secrets from memory during GitHub Actions workflows. The workflow pattern used was one GitHub warns against, as it runs code from untrusted PRs with elevated privileges. No CVEs were cited. The kill chain stage involved initial access via a malicious pull request triggering automated CI workflows.

**Recommended Response**

  • Remove or avoid using the pull_request_target feature in CI pipelines, especially for workflows that build or run PR content.
  • Disable caching mechanisms in package managers like pnpm and GitHub Actions until secure configurations are verified.
  • Pin GitHub Actions to specific commit SHAs rather than floating tags.
  • Implement minimumReleaseAge in dependency management to delay installation of new packages.
  • Consider disabling SMS-based 2FA.
  • Monitor for suspicious PR activity and evaluate restricting PR submissions to invitation-only if repository hardening is insufficient.

No additional IOCs were provided for direct blocking.
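The workflow shape behind the Recommended Response, as an added example that is not TanStack's own configuration: the trigger pattern the article says GitHub warns against, followed by the hardened replacement. The action names (actions/checkout, actions/cache, pnpm/action-setup) are real; the all-zero 40-character commit SHAs are placeholders to be replaced with the SHA of the release you audited.

```yaml
# Added example, not TanStack's workflow. Two workflow files shown back to back.

# --- file: .github/workflows/ci-risky.yml  (the pattern to remove) ---------
# pull_request_target runs in the BASE repository's context: the GITHUB_TOKEN
# has write scopes and repository secrets are available. Checking out and then
# building the PR head executes a fork's code with those privileges, and
# anything it writes to the cache is reused by later runs on the same key.
name: ci-risky
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4                          # floating tag
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # untrusted code
      - uses: actions/cache@v4                             # shared cache
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
      - run: pnpm install && pnpm test                     # runs PR scripts

---
# --- file: .github/workflows/ci.yml  (hardened replacement) ----------------
name: ci
on:
  pull_request:            # fork PRs run with a read-only GITHUB_TOKEN and
                           # no repository secrets
permissions:
  contents: read           # least privilege for the token
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Pinned to a full commit SHA (PLACEHOLDER below) so that moving a
      # release tag cannot change which action code runs.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4, PLACEHOLDER SHA
      - uses: pnpm/action-setup@0000000000000000000000000000000000000000 # PLACEHOLDER SHA
      # No cache step, and no `cache: pnpm` on a setup action either:
      # nothing a PR run writes survives into another run.
      - run: pnpm install --frozen-lockfile
      - run: pnpm test
```

The article's minimumReleaseAge recommendation lives in pnpm's own settings (pnpm-workspace.yaml, value in minutes), not in the workflow file.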

Source articles (2)

  • TanStack weighs invitation — Devclass · 2026-05-19
    Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions The TanStack team has documented security measures an…
  • TanStack weighs invitation — Theregister · 2026-05-18
    Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions The TanStack team has documented security measures an…

Timeline

  • 2026-05-12 — Supply chain attack occurred: The Shai-Hulud worm exploited a GitHub Actions misconfiguration, impacting TanStack's repository.
  • 2026-05-18 — TanStack announces security measures: The team outlined steps taken post-attack, including removing vulnerable features and enhancing security protocols.
  • 2026-05-19 — Discussion on invitation-only PRs: TanStack is considering making pull requests by invitation only to prevent future attacks, while maintaining an open-source ethos.

Related entities

  • Malware (Attack Type)
  • Supply Chain Attack (Attack Type)
  • TanStack (Company)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • Shai-Hulud Worm (Malware)
  • T1003 - OS Credential Dumping (Mitre Attack)
  • T1059 - Command and Scripting Interpreter (Mitre Attack)
  • T1195 - Supply Chain Compromise (Mitre Attack)
  • GitHub (Platform)
  • GitHub Actions (Tool)