The threat research team at Socket have today identified over 84 malicious TanStack npm package artifacts across 42 packages in the tanstack namespace, one of which, pkg:npm/@tanstack/react-router has over 12 million weekly downloads - giving you an idea of the global impact of these software dependencies. StepSecurity have attributed the behaviour to an ongoing TeamPCP supply chain attack called “Mini Shai-Hulud”. The self-propagating malware, which has been seen in other supply chain attacks, spreads by stealing CI/CD secrets.
Thankfully all of these compromised packages were identified only minutes after the packages were published. The problem for the industry is whether organisations had inadvertently consumed those malicious software artifacts before they were removed from the npm upstream registry. As always a way that npm registry users can stay ahead of this type of attack is by defining a minimum release age for software artifacts coming from the npm registry. In Cloudsmith, we solve this problem through automated cooldown policies. Cloudsmith also tracks the malicious packages under the OSV malicious package advisory - MAL-2026-3463.
Recipe 9: Package Publish Date
Match new packages for a specific period (for example a couple of days) after the package was initially released. By enforcing a time lag before consuming a new package or package version, we are enforcing an effective safeguard to protect against zero-day attacks such as the compromised TanStack npm packages.
package cloudsmith
default match := false
# A package is matched if its upstream publish date is within the past N days.
within_past_days := 3
supported_formats := {"npm", "python", "nuget","maven","docker", "ruby", "go", "cargo", "conda"}
match if count(reason) != 0
reason contains msg if {
pkg := input.v0.package
within_past_days_date := time.add_date(time.now_ns(), 0, 0, 0 - within_past_days)
publish_date := time.parse_rfc3339_ns(pkg.upstream_metadata.published_at)
# Match if the publish date comes after the date of the set number of days ago.
publish_date >= within_past_days_date
pkg.format in supported_formats
msg := sprintf("Package upstream publish date is %v (falls within the past %v days)", [pkg.upstream_metadata.published_at, within_past_days])
}Recipe 6: Detect malicious packages
This simple policy checks if a package was part of a supply chain attack. If OSV.dev identifies the package as malicious in their advisories, for example, MAL-2026-3463, Cloudsmith registries can automatically quarantine packages that start with the "MAL-" identifier.
package cloudsmith
default match := false
match if count(malicious_packages) > 0
malicious_packages := [vulnerability.id |
some vulnerability in input.v0.osv
startswith(vulnerability.id, "MAL-")
]According to a comprehensive post-mortem by the TanStack team, the attackers successfully released 84 compromised versions of 42 different @tanstack/* packages. The breach was achieved through a multi-step exploit involving "Pwn Request" vulnerabilities in pull_request_target workflows, GitHub Actions cache poisoning, and the extraction of OIDC tokens directly from the runner's process memory. Unfortunately, we expect to see more of this style of campaign from groups like TeamPCP in the coming months. As always, there are steps that we can take to stay safe.
Talk to Cloudsmith about protecting your software supply chain →
