A supply-chain attack compromised 84 npm packages in the TanStack ecosystem, including React Router (12M+ weekly downloads), as part of a campaign tracked as Mini Shai-Hulud that has also affected packages from OpenSearch, Mistral AI, Guardrails AI, and UiPath. According to TanStack's postmortem and analysis by Socket, attackers chained a vulnerable pull_request_target workflow to poison the GitHub Actions cache, then extracted runtime OIDC tokens from the runner's memory and used trusted publisher bindings to push malicious updates to npm. The injected payload (router_init.js) is delivered via a malicious optionalDependency pointing to a standalone commit on GitHub, executed through an npm prepare lifecycle hook on install. Once running, it harvests GitHub Actions workflow tokens, AWS metadata credentials, Kubernetes service-account certificates, and HashiCorp Vault secrets, exfiltrating them over the Session P2P network and persisting via hidden copies in Claude Code and VS Code configuration directories. Developers and CI pipelines that installed affected TanStack versions should rotate GitHub, npm, cloud, and Vault credentials and audit workflow runs for compromise.
- 84 npm Packages Linked to TanStack Hit by Supply-Chain Breach(opens in a new tab)
- CVE-2026-45321 - Malware in 42 @tanstack/* packages exfiltrates (opens in a new tab)
- The Cache That Bites Back: GitHub Actions Cache Poisoning Attack(opens in a new tab)