TanStack npm Packages Compromised in Ongoing Supply-Chain Attack
Essential information
- Published
- 12/05/2026 15:55
- Modified
- 12/05/2026 16:59
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- ci/cd targeting credential stealer github actions mini shai-hulud npm compromise oidc token theft router_init.js router_runtime.js session p2p network supply-chain attack tanstack_runner.js
- Tags
- 2026-05-12 ci/cd targeting credential-stealer github actions mini shai hulud npm compromise oidc token theft router_init.js router_runtime.js session p2p network supply chain attack tanstack_runner.js
- Related entities
- 4 indicators, 4 observables, 1 intrusion sets (apt), 18 techniques (mitre), 3 malware, 2 others
Description
Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...