84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials

📅 12 May 2026 at 02:44 UTC📰 Cyber Security NewsView original source ↗

A significant supply-chain compromise affecting 84 npm package artifacts across the TanStack namespace. The malicious versions, published to the npm registry at approximately 19:20 and 19:26 UTC, contain a suspected credential-stealing payload targeting CI systems, including GitHub Actions. According to Socket, the compromise spans 42 TanStack packages — two malicious versions each including widely used […] The post 84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A supply-chain attack compromised 84 npm package artifacts across the TanStack namespace, targeting CI credentials and potentially stealing sensitive information. The malicious packages were published to the npm registry at approximately 19:20 and 19:26 UTC.

⚙️Technical Details

Affected Systems

CI systems, including GitHub Actions

Attack Vectors

npm package artifacts across the TanStack namespace

💥Impact Assessment

Severity: critical

Who Is at Risk

Developers and organizations using affected npm packages in their CI pipelines

🛡️Recommended Actions

1Immediately update to the latest version of affected npm packages

2Monitor CI pipeline logs for suspicious activity

3Implement additional security measures, such as code signing and secure package management

📦Affected Products

Product Name: TanStack npm packages

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed