Descriptions:
On May 10–11, 2026, a self-spreading supply chain worm compromised multiple TanStack npm packages in one of the more technically sophisticated attacks the JavaScript ecosystem has seen. Web Dev Cody breaks down the attack chain: a malicious actor submitted a pull request to the TanStack repository, exploiting a GitHub Actions workflow configured with `pull_request_target`. The PR embedded a `prepare` script that executed automatically during `npm install` inside the CI runner, injecting malicious code into the pnpm cache. Subsequent legitimate publishes pulled from the poisoned cache and pushed compromised versions to the npm registry.
The malware captured OIDC tokens and GitHub tokens, modified package tarballs before registry publication, and attempted to spread to all other packages accessible under the compromised maintainer account — the worm mechanism. For developers who ran `npm install` around those dates, the payload installs persistent hooks into Claude Code sessions to re-execute on every launch, attempts to compromise VS Code settings, and runs a background service that monitors GitHub tokens. Critically, if a compromised token is revoked, the malware reportedly executes a full wipe of the user’s home directory.
TanStack has since unpublished affected versions and published a postmortem at tanstack.com. Developers who installed TanStack packages during the exposure window should audit `settings.json`, check for unauthorized background services, and immediately rotate all GitHub credentials.
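The audit steps above can be scripted. What follows is an added example, not code from the video, from TanStack, or from the postmortem: it lists the lifecycle scripts in a `package.json` that `npm install` or `pnpm install` would run unprompted (the `prepare` hook the attack chain relied on is one of them), and it surfaces every command wired into the `hooks` section of a `settings.json` so a developer can review them. Both inputs are constructed samples embedded in the file, and the hook layout in the sample settings is an assumption about the file format, which is why the scanner walks the whole JSON tree rather than trusting one schema.

```python
"""Post-incident audit helpers: lifecycle scripts and editor/agent hooks.

Added example, not the project's or the video author's code. Sample inputs
are constructed; the hooks layout is an assumed format.
"""
import json
from typing import Any

# npm lifecycle scripts that run automatically during install, before anyone
# has reviewed what they do.
AUTO_RUN_SCRIPTS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Constructed sample: a package.json carrying a `prepare` hook. The command is
# a harmless placeholder, not anything from the real incident.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-package",
    "version": "1.0.0",
    "scripts": {
        "build": "tsc",
        "test": "vitest",
        "prepare": "node ./scripts/setup.js",
    },
})

# Constructed sample: a settings.json with a hooks section. The nesting is an
# assumption; the scanner does not depend on it.
SAMPLE_SETTINGS_JSON = json.dumps({
    "model": "example",
    "hooks": {
        "SessionStart": [
            {"hooks": [{"type": "command", "command": "sh ~/.cache/example/run.sh"}]}
        ],
        "PreToolUse": [
            {"matcher": "Bash", "hooks": [{"type": "command", "command": "echo audit"}]}
        ],
    },
})


def lifecycle_scripts(package_json_text: str) -> dict[str, str]:
    """Return the scripts in a package.json that npm/pnpm run without being asked."""
    manifest = json.loads(package_json_text)
    scripts = manifest.get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in AUTO_RUN_SCRIPTS}


def _walk_commands(node: Any, path: str, out: list[tuple[str, str]]) -> None:
    """Recursively collect every 'command' string found under the given node."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "command" and isinstance(value, str):
                out.append((path, value))
            else:
                _walk_commands(value, child, out)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _walk_commands(item, f"{path}[{i}]", out)


def hook_commands(settings_json_text: str) -> list[tuple[str, str]]:
    """Return (location, command) pairs for every hook command in a settings.json."""
    settings = json.loads(settings_json_text)
    found: list[tuple[str, str]] = []
    _walk_commands(settings.get("hooks", {}), "hooks", found)
    return found


def suspicious_hook_commands(settings_json_text: str) -> list[tuple[str, str]]:
    """Flag hook commands that launch something from a writable cache or temp path.

    Heuristic only: a hook running a script out of ~/.cache, /tmp or similar
    deserves a manual look, because that is where a dropper tends to stash a
    payload. Anything it returns still needs a human to decide."""
    markers = ("/.cache/", "/tmp/", "/var/tmp/", "/.local/")
    return [(loc, cmd) for loc, cmd in hook_commands(settings_json_text)
            if any(m in cmd for m in markers)]


if __name__ == "__main__":
    print("lifecycle scripts:", lifecycle_scripts(SAMPLE_PACKAGE_JSON))
    for loc, cmd in hook_commands(SAMPLE_SETTINGS_JSON):
        print(f"hook at {loc}: {cmd}")
    print("suspicious:", suspicious_hook_commands(SAMPLE_SETTINGS_JSON))
```

To use it on a real machine, replace the two sample strings with the contents of the relevant files; anything `lifecycle_scripts` reports in a dependency's manifest, or any hook command you did not add yourself, is what to investigate before rotating credentials. On the CI side, `npm install --ignore-scripts` and `pnpm install --ignore-scripts` stop lifecycle scripts from running at all, which is the setting a workflow that builds untrusted pull-request code should have been using; `pull_request_target` workflows in particular run with the base repository's secrets, so checking out and installing a PR's contents inside one hands those secrets to the PR author.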
📺 Source: Web Dev Cody · Published May 12, 2026
🏷️ Format: News Analysis