Overview
- Attackers published 84 malicious versions across 42 @tanstack packages, which maintainers quickly deprecated after reports surfaced.
- The publish path combined a risky pull_request_target trigger, a poisoned Actions cache, and an identity token pulled from the runner’s memory to push releases to npm.
- The injected payload, an obfuscated router_init.js file, harvests cloud, GitHub, and local credentials and sends the data through the Session private messaging network.
- Security firms link the campaign to TeamPCP and say it also hit other projects, including packages tied to UiPath, OpenSearch, Mistral AI, and Guardrails AI across npm and PyPI.
- TanStack assigned CVE-2026-45321 with critical severity, and responders advise scanning builds, rotating any exposed credentials, and blocking the listed command-and-control infrastructure.
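To make the publish-path weakness concrete, here is an added illustration of the `pull_request_target` pattern in GitHub Actions, shown as a weak workflow beside a hardened one; it is a generic example written for this page, not TanStack's actual workflow, and the names, jobs and package steps are assumed:

```yaml
# WEAK: pull_request_target runs in the base repository's context (a token with
# write scope and access to secrets) but then checks out and executes the
# untrusted PR head, so PR-controlled scripts run with that token.
name: ci-weak
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # untrusted code
      - uses: actions/setup-node@v4
        with:
          cache: npm      # cache written here is scoped to the base branch,
                          # so a malicious PR can poison what later runs restore
      - run: npm ci && npm test   # lifecycle scripts from the PR run with the token
---
# HARDENED: untrusted PR code runs under plain pull_request with a read-only
# token and no secrets; nothing here can publish.
name: ci-hardened
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4        # merge ref, no base-repo secrets
      - uses: actions/setup-node@v4      # no shared cache for untrusted input
      - run: npm ci --ignore-scripts && npm test
---
# HARDENED release path: the OIDC id-token is granted only to the publish job,
# only on a tag push from the protected default branch, never on a PR trigger.
name: release
on:
  push:
    tags: ['v*']
permissions:
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm ci --ignore-scripts && npm publish --provenance
```

A defender auditing a repository can grep its workflows for `pull_request_target` combined with a checkout of `pull_request.head`, and for `id-token: write` on any job that a PR can trigger.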