HeadlinesBriefing.com

TanStack npm supply chain breach exposed, 84 malicious releases

Hacker News

On May 11, 2026, an attacker injected malicious code into 84 versions of 42 @tanstack/* npm packages. The attacker exploited the pull_request_target workflow, poisoned the GitHub Actions cache and stole an OIDC token from the runner, so the payload was published without the npm token itself being compromised. The breach surfaced publicly within twenty minutes, prompting a quick deprecation of the tainted releases.

The malicious optionalDependencies run at npm, pnpm or yarn install time, fetch an orphan commit from a fork named zblgg/configuration and execute a 2.3 MB obfuscated router_init.js script. The code harvests credentials from AWS, GCP, Kubernetes, Vault, ~/.npmrc, GitHub tokens and SSH keys, then exfiltrates them over encrypted sessions directly to getsession.org domains. All affected hosts should be treated as compromised.
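Because the malicious code arrived as optionalDependencies that resolve to a git commit on a fork rather than to a registry tarball, a lockfile audit can surface the pattern before install. The following is an added example, not code from TanStack or from the briefing: it scans an npm package-lock.json (v2/v3 layout) and flags entries that resolve outside registry.npmjs.org, that lack an integrity hash, or that are optional dependencies carrying an install script. The embedded lockfile, the package name example-optional-dep and the all-zero commit hash are constructed for illustration; the fork name is the one reported above.

```python
import json
from urllib.parse import urlparse

# Constructed sample package-lock.json (lockfileVersion 3), not from any real project.
# left-pad resolves to the npm registry; example-optional-dep is a constructed optional
# dependency resolving to a git commit on the fork named in the report.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER",
        },
        "node_modules/example-optional-dep": {
            "version": "0.0.1",
            "resolved": "git+https://github.com/zblgg/configuration.git#"
                        "0000000000000000000000000000000000000000",
            "optional": True,
            "hasInstallScript": True,
        },
    },
})

TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}


def audit_lockfile(lock_text, trusted_hosts=TRUSTED_REGISTRY_HOSTS):
    """Return (package path, reason) pairs for lockfile entries worth a closer look."""
    lock = json.loads(lock_text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project entry describes the app itself
            continue
        resolved = entry.get("resolved", "")
        host = urlparse(resolved).hostname or ""  # git+https scheme parses normally
        if resolved.startswith("git+") or host not in trusted_hosts:
            findings.append((path, f"resolved outside trusted registry: {resolved or '<none>'}"))
        if entry.get("optional") and entry.get("hasInstallScript"):
            findings.append((path, "optional dependency with an install script"))
        if "integrity" not in entry:
            findings.append((path, "no integrity hash"))
    return findings


if __name__ == "__main__":
    for path, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{path}: {reason}")
```

Run it against a real lockfile by reading the file into `audit_lockfile`; a clean lockfile returns an empty list, and each flagged entry should be checked against the registry before installing.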

TanStack maintainer Tanner Linsley opened tracking issue #7383 and coordinated with npm security to pull the malicious tarballs. A GitHub Security Advisory (GHSA-g7cv-rxg3-hmpx) was issued, and the team hardened the bundle-size.yml workflow by removing pull_request_target usage and pinning third-party actions. Developers who installed any affected version on May 11 are urged to rotate their cloud, GitHub, npm and SSH credentials immediately.