---
title: "TanStack npm Packages Compromised in Supply-Chain Attack"
description: "Socket Research Team detects 84 compromised TanStack npm packages modified with credential-stealing malware. Learn about the Mini Shai-Hulud attack, affected versions, and critical remediation steps to secure your CI/CD environment."
canonical_url: "https://cloudsmith.com/blog/tanstack-npm-packages-compromised-in-mini-shai-hulud-attack"
last_updated: "2026-05-12T12:03:12.940Z"
---
# TanStack npm Packages Compromised in Supply-Chain Attack

The threat research team at Socket have today identified over 84 malicious [**TanStack npm**](https://www.npmjs.com/org/tanstack) package artifacts across 42 packages in the `tanstack` namespace, one of which, [**pkg:npm/@tanstack/react-router**](https://www.npmjs.com/package/@tanstack/react-router) has over 12 million weekly downloads - giving you an idea of the global impact of these software dependencies. [**StepSecurity**](https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem) have attributed the behaviour to an ongoing TeamPCP supply chain attack called “**Mini Shai-Hulud**”. The self-propagating malware, which has been seen in other supply chain attacks, spreads by stealing CI/CD secrets.



Thankfully all of these compromised packages were identified only minutes after the packages were published. The problem for the industry is whether organisations had inadvertently consumed those malicious software artifacts before they were removed from the `npm` upstream registry. As always a way that `npm` registry users can stay ahead of this type of attack is by defining a [**minimum release age**](https://github.com/lirantal/npm-security-best-practices#31-npm--pnpm--bun--yarn-minimumreleaseage-cooldown) for software artifacts coming from the `npm` registry. In Cloudsmith, we solve this problem through automated [**cooldown policies**](https://cloudsmith.com/changelog/upstream-publish-date-added-for-additional-formats). Cloudsmith also tracks the malicious packages under the `OSV` malicious package advisory - **[MAL-2026-3463](https://github.com/ossf/malicious-packages/blob/c3ecf6f486c93ec906bbd05e29e48f92eddc8140/osv/malicious/npm/%40tanstack/history/MAL-2026-3463.json#L9).**



### **Cooldown Policy in Cloudsmith**

[Recipe 9: Package Publish Date](https://docs.cloudsmith.com/supply-chain-security/epm/rego#recipe-9-package-publish-date)  
Match new packages for a specific period (for example a couple of days) after the package was initially released. By enforcing a time lag before consuming a new package or package version, we are enforcing an effective safeguard to protect against zero-day attacks such as the compromised **TanStack** `npm` packages.

```json
{
  "_key": "6d9b41964e7c",
  "_type": "code",
  "code": "package cloudsmith\n\ndefault match := false\n\n# A package is matched if its upstream publish date is within the past N days.\nwithin_past_days := 3\nsupported_formats := {\"npm\", \"python\", \"nuget\",\"maven\",\"docker\", \"ruby\", \"go\", \"cargo\", \"conda\"}\n\nmatch if count(reason) != 0\n\nreason contains msg if {\n    pkg := input.v0.package\n    within_past_days_date := time.add_date(time.now_ns(), 0, 0, 0 - within_past_days)\n    publish_date := time.parse_rfc3339_ns(pkg.upstream_metadata.published_at)\n\n    # Match if the publish date comes after the date of the set number of days ago.\n    publish_date >= within_past_days_date\n    pkg.format in supported_formats\n\n    msg := sprintf(\"Package upstream publish date is %v (falls within the past %v days)\", [pkg.upstream_metadata.published_at, within_past_days])\n}",
  "filename": null,
  "language": "rego",
  "markDefs": null
}
```

### **Malicious Package Policy in Cloudsmith**

[Recipe 6: Detect malicious packages](https://docs.cloudsmith.com/supply-chain-security/epm/rego#recipe-6-detect-malicious-packages)  
This simple policy checks if a package was part of a supply chain attack. If OSV.dev identifies the package as malicious in their advisories, for example, [**MAL-2026-3463**](https://github.com/ossf/malicious-packages/blob/c3ecf6f486c93ec906bbd05e29e48f92eddc8140/osv/malicious/npm/%40tanstack/history/MAL-2026-3463.json#L9), Cloudsmith registries can automatically quarantine packages that start with the "`MAL-`" identifier. 

```json
{
  "_key": "5651e6ca909e",
  "_type": "code",
  "code": "package cloudsmith\ndefault match := false\n\nmatch if count(malicious_packages) > 0\n\nmalicious_packages := [vulnerability.id |\n\tsome vulnerability in input.v0.osv\n\tstartswith(vulnerability.id, \"MAL-\")\n]",
  "filename": null,
  "language": "rego",
  "markDefs": null
}
```



According to a comprehensive [**post-mortem**](https://tanstack.com/blog/npm-supply-chain-compromise-postmortem) by the TanStack team, the attackers successfully released 84 compromised versions of 42 different `@tanstack/*` packages. The breach was achieved through a multi-step exploit involving "**Pwn Request**" vulnerabilities in `pull_request_target` workflows, GitHub Actions cache poisoning, and the extraction of OIDC tokens directly from the runner's process memory. Unfortunately, we expect to see more of this style of campaign from groups like TeamPCP in the coming months. As always, there are steps that we can take to stay safe.

[Talk to Cloudsmith about protecting your software supply chain →](https://cloudsmith.com/contact)
