This breach exposes the dangerous fragility of the modern web ecosystem, where AI-driven automation can turn a trusted dependency into a security nightmare overnight. It’s a stark warning that our reliance on third-party packages has far outpaced our ability to verify their integrity.
TanStack was compromised, and it's bad
So unfortunately there's a pretty big security incident related to the TanStack npm packages that a lot of us use. I use TanStack Start all the time on my side projects, but also TanStack Router and various other packages have been compromised by a Mini Shai-Hulud self-spreading supply chain attack. So this is a worm that when it gets inside an npm package and gets published to the npm registry, other people can start grabbing that, downloading it, and then it basically starts spreading to other npm packages as well. So this is a pretty big issue and I think it's a good idea to pay attention to what's going on and how this kind of works. So on May 11th, this is when this was found and basically started. I think maybe May 10th the package was published. But basically in the npm ecosystem, someone made a pull request and that automatically triggered a run, right? So in GitHub there's GitHub Actions and those actions basically clone down the repo of the forked repository.
They run whatever changes or they run tests to verify that the code's good.
But when you do that, there's a chance that you can actually have a malicious uh attacker add in some type of bad code to his pull request which automatically runs in your workflow. Now, typically when you make a pull request, it does ask you to like approve running it from outside sources. But the TanStack repo had a pull_request_target directive in it. So basically something like this, they have a Git action that basically says on pull_request_target and when someone makes a pull request, it just automatically starts running a couple of things. And a lot of repositories have this just for like maintainability type of things like autotagging pull requests and forks and stuff like that. Now for the most part you would think this is not an issue because in order to do malicious stuff you think the GitHub Action would have to actually invoke scripts. But unfortunately with package.json and how the npm ecosystem kind of works, we have this ability to write a prepare script, and when you do an npm install the prepare script automatically runs, and it happens to run this malicious JavaScript file that this attacker added in to his pull request. And what this did was it went into the cache system of the GitHub Actions runner. So when you're running GitHub Actions, basically it caches your node dependencies so that it can run a little bit faster the next time. But from what I understand this malicious code basically went into the pnpm cache. It manually injected and overwrote some TanStack uh related packages so that the next time a real run happens or real publish happens, it's going to actually pull from that pnpm cache, run the malicious code, and this malicious code does some pretty bad stuff. Basically, it grabs your OIDC tokens and your GitHub token. It then modifies the tarball package. So like when you're trying to build up and deploy to the npm registry, typically you make like a tarball, this thing modifies that and then it publishes it to the npm registry.
And this is the first wave. So basically it tries to compromise whatever package that it got access to.
But then it does another pass through and it tries to find all the other packages that that npm uh key has access to and it tries to publish other packages as well. So this is how the whole worm self-spreading stuff kind of works. When one package is compromised or the maintainer system is compromised, it basically just keeps on publishing other compromised packages that are under that maintainer's um umbrella. Now honestly everything I say could be wrong. I'm not a security expert. There's a lot more detail and you can dive into the detail.
I think there's other YouTubers who probably do this a lot better. But what this means for you if you're using TanStack Start and you actually did an npm install: you need to go through and check if you have any of these versions installed. There's quite a lot of different packages, a lot of different versions that could be potentially compromised. And the moment you install one of these, your system could potentially be compromised as well. Now also if you scroll on to the bottom it looks like when you are compromised it actually installs various things, like they install some hooks into your Claude Code sessions that re-execute the malware on every Claude Code session.
This is crazy. So go look at your sess settings.json, make sure that's not compromised. It looks like it tries to compromise VS Code. It looks like it persists a service on to your computer which basically monitors your GitHub tokens. And I do believe they mentioned um online that I read, if you try to go and like revoke this token or the token is no longer valid, they just run a remove on your entire home directory and delete all your files. So I would go at least check to make sure you don't have this service running. Also check your Claude settings and make sure that this stuff isn't happening if you've done an npm install, you know, May 10th or May 11th with these compromised packages.
Now since then if you go to the postmortem on tanstack.com they basically have contained this from what they say, they kind of unpublished all these affected packages. So if you do npm install today, you know, you might be safe. They have a whole timeline here that kind of breaks down what happened.
So if you are interested in more details go read through this. This is pretty crazy. I think this is something that we need to start paying attention to because a lot of the projects we work on, whether that's in Python using pip or node with npm or go with go mod, we are all building systems that depend on third-party open source tools and a lot of these open source tools can now be infiltrated by AI bots basically just submitting pull requests. We have GitHub Actions that automatically run when these pull requests come in, which is very dangerous and very scary, and those can just compromise various packages and we don't really know about it until, you know, we have these automated systems that try to catch this type of stuff and we have security experts finding them.
I'm not going to hate on TanStack Start.
I'm not going to hate on Next.js.
Next.js even had like security issues with their like React server components even like this week, right? And they kind of published stuff of how we have to basically update to prevent these issues. We are living in a time where AI is making it much easier to find these exploits and actually like publish malicious code to start exploiting people. And I think we need to start maybe reanalyzing how many third-party libraries and frameworks we're using. I think the more third-party stuff you depend on, the higher the risk you assume on your project. And a simple little npm package getting published to a registry, the next time you run an npm install, could completely compromise your systems or your laptops.
That's something that we shouldn't take lightly. That's something that's really important to uh pay attention to. And at this point, it might be safer to just always do your development in a sandbox or something like use like GitHub workspaces or something so that every time you do work, it's in an isolated environment and it can't potentially infect the computer that you're running on or the CI/CD pipelines that you're kind of running. All right, that's all I want to say about this. I don't want to go into too much detail because I'm not a security expert, but I do think this is important to mention because I use TanStack Start for everything. I've already kind of gone through and made sure that I don't have any of these versions installed. I don't think I've installed any versions since uh May 10th or 11th, but you never know. I should probably go through and actually uh double check I don't have any of these random files and artifacts on my computer, which I could probably just throw in Claude Code and just say, "Hey, can you like go and see if I have some artifacts installed?" That's another approach we can do. Um anyway, hope you guys enjoyed. Have a good day.
Happying.
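Added example (not part of the video and not TanStack's own code): a heuristic Node.js audit for the workflow pattern the transcript describes, a pull_request_target trigger combined with a checkout of the pull request's head and a package install that runs lifecycle scripts such as prepare. The sample workflows, the function name and the risk labels are constructed for illustration.

```javascript
// Added example: text-based audit of a GitHub Actions workflow (no YAML parser).
// Both sample workflows are constructed; neither is TanStack's real workflow.
const SAMPLE_RISKY = `
on:
  pull_request_target:
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: \${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: ~/.pnpm-store
          key: pnpm-\${{ hashFiles('pnpm-lock.yaml') }}
      - run: pnpm install
`;
const SAMPLE_LABEL_ONLY = `
on:
  pull_request_target:
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
`;
// Expressions that resolve to the fork's code rather than the base branch.
const HEAD_REF_RE = /github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs\/pull\//;
// Package installs run lifecycle scripts (prepare, postinstall) unless told not to.
const INSTALL_RE = /\b(npm|pnpm|yarn)\s+(install|i|ci|add)\b/;

function auditWorkflow(text) {
  const lines = text.split("\n").filter((l) => !l.trim().startsWith("#"));
  const has = (test) => lines.some(test);
  const f = {
    pullRequestTarget: has((l) => /\bpull_request_target\b/.test(l)),
    checksOutPrHead: has((l) => HEAD_REF_RE.test(l)),
    installsWithScripts: has((l) => INSTALL_RE.test(l) && !l.includes("--ignore-scripts")),
    usesCache: has((l) => /actions\/cache@|^\s*cache:\s*\S/.test(l)),
  };
  // Privileged trigger + untrusted checkout + script-running install = fork code runs with repo trust.
  let risk = "low";
  if (f.pullRequestTarget && f.checksOutPrHead) risk = f.installsWithScripts ? "critical" : "high";
  else if (f.pullRequestTarget) risk = "review";
  return { ...f, risk, cacheWritableByForkCode: risk === "critical" && f.usesCache };
}

console.log(auditWorkflow(SAMPLE_RISKY).risk, auditWorkflow(SAMPLE_LABEL_ONLY).risk);
```

Because this scans text rather than parsing YAML, a "review" or "high" result is a prompt to read the workflow by hand, not a verdict.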