Node JS
fromTanstack
1 day agoPostmortem: TanStack npm supply-chain compromise | TanStack Blog
Malicious TanStack npm package versions used GitHub Actions cache poisoning and OIDC token extraction to run credential-harvesting scripts and exfiltrate data.