TL;DR
On May 11, 2026, attackers published malicious versions of 42 TanStack npm packages via a complex supply-chain attack involving GitHub Actions and cache poisoning. The incident was detected within 20 minutes and has prompted security advisories. The attack did not steal npm credentials but compromised affected systems running the affected versions.
On May 11, 2026, between 19:20 and 19:26 UTC, an attacker published 84 malicious versions across 42 TanStack npm packages, exploiting a complex chain of GitHub Actions vulnerabilities. The attack was identified publicly within 20 minutes by an external researcher, prompting immediate response efforts. This incident highlights the ongoing risks in supply-chain security for open-source packages.
The attacker used a combination of GitHub Actions cache poisoning, the ‘pull_request_target’ pattern, and runtime memory extraction of an OIDC token from the GitHub Actions runner to publish malicious package versions. These versions included an obfuscated script, ‘router_init.js,’ which, when executed during npm install, harvested credentials from various cloud and service environments, including AWS, GCP, Kubernetes, Vault, GitHub, and SSH keys. The malicious code also propagated itself by re-publishing other packages maintained by the victim.
Confirmed facts include the timeline of malicious package publication, the methods used to inject the payload, and the detection by the external researcher. The npm registry received the malicious uploads during the attack window, but no npm credentials were compromised. The affected packages include 42 packages with 84 versions, published in two waves roughly six minutes apart. The attack did not impact the integrity of the npm publish workflow itself, which remained secure, but the malicious code was executed on systems that installed the affected versions.
Why It Matters
This incident underscores the vulnerabilities in modern CI/CD pipelines and package distribution channels, especially when combined with sophisticated exploitation of GitHub Actions workflows. It raises concerns about the security of open-source dependencies, the potential for credential harvesting, and the risks of supply-chain attacks affecting downstream developers and organizations. Prompt detection and response limited the damage, but the event emphasizes the need for improved safeguards in automated publishing processes.
Software Supply Chain Defense: Securing Build Environments, Toolchains, and CI/CD Infrastructure Against Advanced Threats
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Prior to this attack, supply-chain compromises have increasingly targeted open-source ecosystems, with notable incidents involving package tampering and malicious code injection. On May 10, 2026, the attacker created a fork of the TanStack/router repository, introduced a malicious commit, and manipulated pull request workflows to execute the payload. The malicious code was embedded in a package that was later published during a CI/CD process triggered by a main branch merge. The attack exploited the trust boundaries in GitHub Actions, particularly the ‘pull_request_target’ pattern, which can run code with elevated permissions.
“The attack involved a sophisticated chain of exploits leveraging GitHub Actions vulnerabilities, but no npm credentials were stolen. We responded swiftly to mitigate the impact.”
— Tanner Linsley, TanStack maintainer
“We are actively investigating the vulnerabilities exploited and are working with affected packages to remove malicious versions.”
— GitHub Security Team
“The malicious versions were detected within 20 minutes of publication, highlighting the importance of external security research.”
— External researcher ashishkurmi
NetAlly CyberScope Air Wi-Fi Edge Network Vulnerability Scanner (Wireless Only Version). Validate Edge Infrastructure Hardening, Hunt Down Rogue Devices, Investigate Suspect RF Interference
Portable, handheld form factor – Take it anywhere for on-site security testing. This field-ready tool gives you visibility…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It remains unclear how many systems may have been compromised beyond credential harvesting, and whether the attacker exploited additional vulnerabilities in other parts of the CI/CD pipeline. The full extent of the malicious code’s impact on downstream systems is still being assessed. While npm has engaged security teams to remove malicious packages, the potential for undiscovered payloads or further propagation exists.
cloud credential harvesting protection
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Security teams from TanStack and npm are working to analyze the attack vector and strengthen package publishing safeguards. Developers who installed affected versions are advised to rotate credentials and review systems for signs of compromise. Ongoing investigations aim to determine if any additional malicious activity occurred and to prevent similar incidents in the future.
DevOps with GitHub Actions: A Practical Guide to Building Secure, Scalable, and Production-Ready CI/CD Automation Pipelines
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What exactly was compromised in this attack?
The attacker published malicious package versions that, when installed, executed code to harvest credentials from various environments. No npm credentials were stolen, but affected systems may have been compromised.
How did the attacker publish malicious packages?
The attacker exploited vulnerabilities in GitHub Actions workflows, specifically the ‘pull_request_target’ pattern, to inject malicious code during the CI process, which then published the compromised packages.
Are my systems at risk if I installed affected packages?
If you installed any affected versions on May 11, 2026, your system may be compromised. It is recommended to rotate all relevant credentials, including cloud and SSH keys, and review system logs for suspicious activity.
Will npm or GitHub be taking further action?
Yes, npm has engaged security teams to remove malicious packages, and GitHub is investigating the workflow vulnerabilities that were exploited. Both platforms are expected to implement additional safeguards.
What lessons can developers learn from this incident?
Developers should scrutinize CI/CD workflows, especially those using ‘pull_request_target,’ and implement stricter access controls and monitoring to prevent malicious code execution during automated processes.
