tanstack-router
TanStack npm packages compromised by Mini Shai-Hulud
TeamPCP's Mini Shai-Hulud worm compromised the TanStack Router release pipeline by chaining three weaknesses: a pull_request_target "Pwn Request" pattern, GitHub Actions cache poisoning, and runtime extraction of a GitHub Actions OIDC trusted-publisher token from runner memory. On 2026-05-11, between 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* npm packages were published, each carrying a malicious optional dependency that pointed at an orphan git commit. The install-time payload harvested cloud, Kubernetes, Vault, GitHub, npm, and SSH credentials, exfiltrated them over the Session/Oxen network, and attempted to self-propagate by republishing packages maintained by the victims.
- Date: 2026-05-11
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: CI/CD
- Impact: Credential theft
- Cause: CI/CD Exploit
What Was Affected
Compromised Versions
- @tanstack/arktype-adapter@1.166.12
- @tanstack/arktype-adapter@1.166.15
- @tanstack/eslint-plugin-router@1.161.9
- @tanstack/eslint-plugin-router@1.161.12
- @tanstack/eslint-plugin-start@0.0.4
- @tanstack/eslint-plugin-start@0.0.7
- @tanstack/history@1.161.9
- @tanstack/history@1.161.12
- @tanstack/nitro-v2-vite-plugin@1.154.12
- @tanstack/nitro-v2-vite-plugin@1.154.15
- @tanstack/react-router@1.169.5
- @tanstack/react-router@1.169.8
- @tanstack/react-router-devtools@1.166.16
- @tanstack/react-router-devtools@1.166.19
- @tanstack/react-router-ssr-query@1.166.15
- @tanstack/react-router-ssr-query@1.166.18
- @tanstack/react-start@1.167.68
- @tanstack/react-start@1.167.71
- @tanstack/react-start-client@1.166.51
- @tanstack/react-start-client@1.166.54
- @tanstack/react-start-rsc@0.0.47
- @tanstack/react-start-rsc@0.0.50
- @tanstack/react-start-server@1.166.55
- @tanstack/react-start-server@1.166.58
- @tanstack/router-cli@1.166.46
- @tanstack/router-cli@1.166.49
- @tanstack/router-core@1.169.5
- @tanstack/router-core@1.169.8
- @tanstack/router-devtools@1.166.16
- @tanstack/router-devtools@1.166.19
- @tanstack/router-devtools-core@1.167.6
- @tanstack/router-devtools-core@1.167.9
- @tanstack/router-generator@1.166.45
- @tanstack/router-generator@1.166.48
- @tanstack/router-plugin@1.167.38
- @tanstack/router-plugin@1.167.41
- @tanstack/router-ssr-query-core@1.168.3
- @tanstack/router-ssr-query-core@1.168.6
- @tanstack/router-utils@1.161.11
- @tanstack/router-utils@1.161.14
- @tanstack/router-vite-plugin@1.166.53
- @tanstack/router-vite-plugin@1.166.56
- @tanstack/solid-router@1.169.5
- @tanstack/solid-router@1.169.8
- @tanstack/solid-router-devtools@1.166.16
- @tanstack/solid-router-devtools@1.166.19
- @tanstack/solid-router-ssr-query@1.166.15
- @tanstack/solid-router-ssr-query@1.166.18
- @tanstack/solid-start@1.167.65
- @tanstack/solid-start@1.167.68
- @tanstack/solid-start-client@1.166.50
- @tanstack/solid-start-client@1.166.53
- @tanstack/solid-start-server@1.166.54
- @tanstack/solid-start-server@1.166.57
- @tanstack/start-client-core@1.168.5
- @tanstack/start-client-core@1.168.8
- @tanstack/start-fn-stubs@1.161.9
- @tanstack/start-fn-stubs@1.161.12
- @tanstack/start-plugin-core@1.169.23
- @tanstack/start-plugin-core@1.169.26
- @tanstack/start-server-core@1.167.33
- @tanstack/start-server-core@1.167.36
- @tanstack/start-static-server-functions@1.166.44
- @tanstack/start-static-server-functions@1.166.47
- @tanstack/start-storage-context@1.166.38
- @tanstack/start-storage-context@1.166.41
- @tanstack/valibot-adapter@1.166.12
- @tanstack/valibot-adapter@1.166.15
- @tanstack/virtual-file-routes@1.161.10
- @tanstack/virtual-file-routes@1.161.13
- @tanstack/vue-router@1.169.5
- @tanstack/vue-router@1.169.8
- @tanstack/vue-router-devtools@1.166.16
- @tanstack/vue-router-devtools@1.166.19
- @tanstack/vue-router-ssr-query@1.166.15
- @tanstack/vue-router-ssr-query@1.166.18
- @tanstack/vue-start@1.167.61
- @tanstack/vue-start@1.167.64
- @tanstack/vue-start-client@1.166.46
- @tanstack/vue-start-client@1.166.49
- @tanstack/vue-start-server@1.166.50
- @tanstack/vue-start-server@1.166.53
- @tanstack/zod-adapter@1.166.12
- @tanstack/zod-adapter@1.166.15
Incident Context
- Motive: Credential Theft
- Attribution: Advanced Persistent Threat
- Transitive: Yes
- Observed Duration: 0 days
Evidence
Compromised Artifacts
Indicators and Changes
Commits
External References
- github.com/TanStack/router/issues/7383
- tanstack.com/blog/npm-supply-chain-compromise-postmortem
- github.com/advisories/GHSA-g7cv-rxg3-hmpx
- stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
- research.jfrog.com/post/shai-hulud-here-we-go-again
- aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised
- socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
Source Data
Source record: oss/tanstack-router/meta.yaml