Postmortem: TanStack NPM supply-chain compromise
TanStack supply-chain compromise is a critical security postmortem with high community engagement.
An attacker chained three GitHub Actions vulnerabilities to publish 84 malicious versions across 42 @tanstack/* npm packages: pull_request_target (Pwn Request), cache poisoning across the fork/base trust boundary, and OIDC token memory extraction. No npm tokens were stolen; the payload executed via optionalDependencies and prepare lifecycle scripts during install. The compromise was detected externally by StepSecurity's ashishkurmi within 20 minutes, and all affected versions were deprecated. Hosts that ran installs from 2026-05-11 require rotating AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials.
Audit your GitHub Actions workflows for pull_request_target usage, implement cache isolation between forks and base, and restrict OIDC token permissions to prevent similar chained attacks.
For senior engineers managing open-source or CI/CD pipelines, this demonstrates how known GitHub Actions design flaws can be combined to compromise the entire supply chain, emphasizing the need for explicit trust-boundary mitigations.
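As a starting point for the workflow audit recommended above, the following added example (not taken from the postmortem or from TanStack's repositories) flags workflow files that combine pull_request_target with the other two ingredients of the chain. The label names, the regex heuristics and both sample workflows are constructed for illustration; a hit means the file needs manual review.

```python
import re
import sys

# Heuristic patterns (labels are this example's own names). A hit means
# "review this workflow", not "exploitable".
CHECKS = {
    "untrusted-checkout": re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref"),
    "shared-cache": re.compile(r"uses:\s*actions/cache(/restore|/save)?@"),
    "oidc-token": re.compile(r"id-token:\s*write"),
}

def strip_comments(text):
    # Drop YAML comments so a commented-out trigger is not reported.
    return "\n".join(re.sub(r"(^|\s)#.*$", "", ln) for ln in text.splitlines())

def audit_workflow(text):
    """Return risk labels for one workflow file; [] if the trigger is absent."""
    body = strip_comments(text)
    if not re.search(r"\bpull_request_target\b", body):
        return []
    return ["pull_request_target"] + sorted(k for k, rx in CHECKS.items() if rx.search(body))

# Constructed sample: privileged trigger + fork code + cache + OIDC in one job.
RISKY = """\
on:
  pull_request_target:
permissions:
  id-token: write
jobs:
  bench:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with: {path: node_modules, key: deps}
      - run: npm ci && npm run bench
"""
# Constructed sample: unprivileged trigger; the comment must not trip the check.
SAFE = "on: pull_request  # not pull_request_target\npermissions:\n  contents: read\n"

if __name__ == "__main__":
    # Pass workflow paths as arguments, or run with none to see the samples.
    docs = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or {"RISKY": RISKY, "SAFE": SAFE}
    for name, text in docs.items():
        print(name, audit_workflow(text) or "no pull_request_target trigger")
```

Run it over the files in .github/workflows; any file reporting pull_request_target together with untrusted-checkout is the Pwn Request pattern and should be reviewed first.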