InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

npm 生态遭大范围投毒:TanStack、Mistral AI、UiPath 等受波及,可窃取云 ...

IT之家5 月 12 日消息,网络安全检测机构 Socket 于当地时间 5 月 11 日发出警报,在开源工具库 TanStack 旗下约 84 个 NPM 软件包的恶意版本中发现疑似凭证窃取恶意代码。 受影响软件包覆盖 42 个 @tanstack/* 命名空间下的项目,其中 @tanstack / react-router 的周下载量超 1200 万次,此类工具包在 NPM 生态中被广泛直接或 ...
heise online

React-Deep-Dive: TanStack Router und TanStack Query – Teil 1

The TanStack Router is an alternative to the React Router, the de facto standard for routing in React applications. The TanStack team released the first stable version in December 2023. The router ...
Security Boulevard

The TanStack Breach and the Fragility of Trusted Code

On May 11, 2026, several TanStack packages on npm were briefly replaced with malicious versions, raising fresh concerns about ...
heise online

State of React 2024: TanStack Query jetzt beliebter als Next.js

The results of the "State of React" survey from fall 2024 are now available. The Devographics collective, which is also behind the "State of JavaScript" survey, organized it for the second time and ...
Morning Overview on MSN

OpenAI says the TanStack breach reached two employee devices but did not compromise user ...

Two developer workstations inside OpenAI installed compromised versions of the popular open-source TanStack library after an ...
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
来自MSN

React survey shows TanStack gains, doubts over server components

Devographics has published its State of React survey, with over 3,700 developers speaking out about what they love and hate in the fractured React ecosystem.… React, originally sponsored by Meta, is a ...