
TanStack npm Supply Chain Attack: 84 Malicious Versions Published in 6 Minutes

Original: Postmortem: TanStack NPM supply-chain compromise

May 12, 2026, by Insights AI (HN)

What Happened

Between 19:20-19:26 UTC on May 11, 2026, an attacker published 84 malicious versions across 42 @tanstack/* npm packages in just 6 minutes. No npm tokens were stolen - the attack vector was entirely GitHub Actions. An external researcher detected the malicious versions publicly within 20 minutes, and all affected versions have since been deprecated.

The Attack Chain

The attacker combined three GitHub Actions vulnerabilities: (1) the Pwn Request pattern exploiting pull_request_target to access repository secrets from a fork PR, (2) GitHub Actions cache poisoning across the fork-base trust boundary, and (3) runtime extraction of an OIDC token from the GitHub Actions runner process memory.
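The three weaknesses above are visible in the workflow definition itself, so they can be caught before a fork PR ever runs. The following scanner is an added example for this article, not code from the postmortem or the TanStack project; the two embedded workflows are constructed samples (an assumed shape, not TanStack's real CI). It flags a workflow that runs on pull_request_target (and so has the base repository's secrets), checks out the pull request head (untrusted fork code), runs package install scripts in that privileged job, or shares an actions/cache entry with the base branch. It is a regex heuristic over the YAML text, not a full parser.

```python
"""Heuristic scanner for the Pwn Request pattern in GitHub Actions workflows.

Added example for this article, not code from the TanStack postmortem or the
TanStack project. It flags a workflow that (a) runs on pull_request_target,
which executes with the base repository's secrets, (b) checks out the pull
request head, i.e. untrusted fork code, and (c) shares an actions/cache with
the base branch. Text/regex based; it does not fully parse YAML.
"""
import re

# Constructed sample: a vulnerable workflow (assumed shape, not TanStack's real CI).
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
      - run: pnpm install
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed sample: the hardened shape. pull_request from a fork gets no
# secrets and a read-only GITHUB_TOKEN, and install scripts are disabled.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pnpm install --ignore-scripts
"""

# pull_request_target as a mapping key, a scalar, or inside an inline list.
PRT_TRIGGER = re.compile(r"^\s*pull_request_target\s*:|^on:\s*(\[[^\]]*)?pull_request_target", re.M)
# Checkout of the PR head (sha or ref) rather than the base commit.
PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
CACHE_STEP = re.compile(r"uses:\s*actions/cache@")
INSTALL_STEP = re.compile(r"run:\s*(npm|pnpm|yarn)\s+(install|ci|i)\b")


def scan_workflow(text: str) -> list[str]:
    """Return finding labels; an empty list means no privileged-trigger issue was found."""
    findings = []
    if not PRT_TRIGGER.search(text):
        return findings  # a plain pull_request run from a fork has no secrets to steal
    if PR_HEAD_REF.search(text):
        findings.append("pwn-request: pull_request_target checks out fork head with secrets available")
        if INSTALL_STEP.search(text) and "--ignore-scripts" not in text:
            findings.append("install-scripts: fork-controlled lifecycle scripts run in the privileged job")
    if CACHE_STEP.search(text):
        findings.append("cache-poisoning: fork-triggered run shares actions/cache with the base branch")
    return findings


if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(label, scan_workflow(wf) or ["no findings"])
```

The scanner deliberately stays silent on plain `pull_request` workflows: a fork-triggered `pull_request` run receives no repository secrets, so there is nothing for checked-out fork code to escalate to. The cache check fires for any pull_request_target workflow using actions/cache, because a cache entry written by a fork-triggered run can later be restored by a trusted run on the base branch.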

What the Malware Does

When any affected version is installed via npm, pnpm, or yarn, a 2.3MB obfuscated script executes via the prepare lifecycle hook. It harvests credentials from AWS IMDS/Secrets Manager, GCP metadata, Kubernetes service accounts, Vault tokens, ~/.npmrc, GitHub tokens, and SSH private keys - then exfiltrates them over the Session/Oxen end-to-end encrypted messenger network.
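Because the payload fires from an install-time lifecycle hook, a useful defensive step is to enumerate every installed dependency that declares one. The inventory script below is an added example for this article, not code from the postmortem or the TanStack project; the package names and manifests it embeds are constructed. It lists each package under a node_modules tree whose package.json declares preinstall, install, postinstall or prepare, giving a reviewable list before or after an install.

```python
"""Inventory installed packages that declare install-time lifecycle scripts.

Added example for this article, not code from the postmortem or the TanStack
project. The malicious versions ran their payload from a lifecycle hook at
install time, so an inventory of every dependency that declares preinstall,
install, postinstall or prepare is a reviewable list before (or after) running
an install. The decision logic is pure so it can be tested on constructed
package.json data; the node_modules walk is a thin wrapper.
"""
import json
import os
import sys

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed sample: (name, version, package.json) triples; names are made up.
SAMPLE_PACKAGES = [
    ("plain-lib", "1.0.0", {"scripts": {"test": "node test.js"}}),
    ("hooked-lib", "2.0.0", {"scripts": {"prepare": "node ./setup.js", "build": "tsc"}}),
    ("no-scripts", "0.1.0", {}),
]


def hooked_scripts(pkg: dict) -> dict[str, str]:
    """Install-time hooks declared in a package.json, in hook order."""
    scripts = pkg.get("scripts") or {}
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


def inventory(packages) -> list[dict]:
    """One finding per package that declares at least one install-time hook."""
    findings = []
    for name, version, pkg in packages:
        hooks = hooked_scripts(pkg)
        if hooks:
            findings.append({"package": f"{name}@{version}", "hooks": hooks})
    return findings


def iter_node_modules(root: str):
    """Yield (name, version, package.json dict) for every package.json under root."""
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                pkg = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or non-JSON manifest: skip it
        if not isinstance(pkg, dict):
            continue
        yield pkg.get("name", os.path.relpath(dirpath, root)), pkg.get("version", "?"), pkg


if __name__ == "__main__":
    # Usage: python hook_inventory.py [path/to/node_modules]; defaults to the sample data.
    source = iter_node_modules(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PACKAGES
    for finding in inventory(source):
        print(finding["package"], finding["hooks"])
```

Run it against a project's node_modules after an install to see which packages would have had a chance to execute code; pairing it with npm's `--ignore-scripts` flag for routine installs keeps hooks from running until they have been reviewed.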

Confirmed Safe Packages

@tanstack/query*, @tanstack/table*, @tanstack/form*, @tanstack/virtual*, @tanstack/store, and @tanstack/start are unaffected.

Immediate Action

If you ran an install against affected versions on May 11, 2026, rotate credentials immediately: AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH. GitHub Security Advisory: GHSA-g7cv-rxg3-hmpx.
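Deciding whether a rotation is needed starts with knowing which @tanstack/* packages a lockfile pins. The audit script below is an added example for this article, not code from the postmortem or the TanStack project; its lockfile, version numbers and registry timestamps are constructed samples. It lists every @tanstack/* entry in an npm package-lock.json (lockfileVersion 2 or 3), marks the families the article names as unaffected using the prefixes literally as written above, and, when given a package's registry publish timestamps (the `time` map that `npm view <pkg> time --json` returns), flags versions published inside the 19:20-19:26 UTC window. It does not know the affected version list; anything not confirmed safe is routed to review against GHSA-g7cv-rxg3-hmpx rather than declared affected.

```python
"""Audit a package-lock.json for @tanstack/* packages after the May 11, 2026 incident.

Added example for this article, not code from the postmortem or the TanStack
project. Lists every @tanstack/* entry in an npm lockfile (lockfileVersion 2 or
3), marks the families the article names as unaffected (prefixes matched
literally as written there), and, given registry publish timestamps for a
package, flags versions published inside the 19:20-19:26 UTC window. It does
not know the affected version list; anything else goes to manual review.
"""
import json
import sys
from datetime import datetime, timezone

SAFE_PREFIXES = ("@tanstack/query", "@tanstack/table", "@tanstack/form", "@tanstack/virtual")
SAFE_EXACT = {"@tanstack/store", "@tanstack/start"}
WINDOW_START = datetime(2026, 5, 11, 19, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 11, 19, 26, tzinfo=timezone.utc)

# Constructed sample lockfile and registry timestamps (versions are made up).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/@tanstack/query-core": {"version": "5.0.0"},
        "node_modules/@tanstack/react-query": {"version": "5.0.0"},
        "node_modules/@tanstack/store": {"version": "0.7.0"},
        "node_modules/some-lib/node_modules/@tanstack/router-core": {"version": "1.2.3"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}
SAMPLE_TIMES = {
    "@tanstack/router-core": {
        "1.2.2": "2026-04-30T10:00:00.000Z",
        "1.2.3": "2026-05-11T19:22:10.000Z",
    },
}


def tanstack_packages(lock: dict) -> list[tuple[str, str]]:
    """(name, version) for every @tanstack/* entry, including nested copies."""
    found = []
    for path, meta in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]
        if name.startswith("@tanstack/"):
            found.append((name, meta.get("version", "?")))
    return found


def is_confirmed_safe(name: str) -> bool:
    """Matches the article's confirmed-safe list exactly as written."""
    return name.startswith(SAFE_PREFIXES) or name in SAFE_EXACT


def published_in_window(time_map: dict, version: str) -> bool:
    """True if the registry publish time for `version` falls in the incident window."""
    stamp = time_map.get(version)
    if not stamp:
        return False
    published = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return WINDOW_START <= published <= WINDOW_END


def audit(lock: dict, times_by_package: dict) -> dict[str, str]:
    """Map 'name@version' -> status for every @tanstack/* package in the lockfile."""
    report = {}
    for name, version in tanstack_packages(lock):
        if is_confirmed_safe(name):
            status = "confirmed-safe"
        elif published_in_window(times_by_package.get(name, {}), version):
            status = "published-in-incident-window"
        else:
            status = "review-against-advisory"
        report[f"{name}@{version}"] = status
    return report


if __name__ == "__main__":
    # Usage: python audit_tanstack.py [package-lock.json]; without an argument the
    # constructed sample lockfile is audited against the constructed timestamps.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for pkg, status in sorted(audit(lock, SAMPLE_TIMES).items()):
        print(f"{status:30} {pkg}")
```

A "published-in-incident-window" result is the strongest signal the lockfile alone can give; treat any such hit, and any "review-against-advisory" package that the advisory lists, as a trigger for the credential rotation described above.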
