www.infosecurity-magazine.com, 5/12/2026, 3:06:33 PM

Attackers hijack TanStack npm packages to steal CI credentials.

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including UiPath, Mistral AI, OpenSearch and PyPI. In April, Mini Shai-Hulud initially targeted SAP-related packages before culminating in its largest wave in mid-May, in which attackers hijacked legitimate release pipelines to publish hundreds of malicious package versions.

According to new analysis by Socket, 84 npm package artifacts in the TanStack namespace were modified with suspected credential-stealing malware targeting continuous integration systems, including GitHub Actions. At least one affected package, @tanstack/react-router, receives more than 12 million weekly downloads, Socket claimed.

TanStack said the attacker published 84 malicious versions across 42 @tanstack/* packages on May 11, 2026, between 19:20 and 19:26 UTC, and the attack chain involved the pull_request_target “Pwn Request” pattern, GitHub Actions cache poisoning and runtime extraction of an OpenID Connect token from the runner process memory. No npm tokens were stolen and the npm publish workflow itself was not compromised, according to TanStack.
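The attack chain TanStack describes rests on a well-known GitHub Actions misconfiguration: a workflow triggered by `pull_request_target` (which runs with the base repository's secrets and token) that checks out and builds the pull request's own code. The script below is an added example, not code from the article, Socket or TanStack; it is a heuristic, regex-based audit (not a YAML parser) that flags that shape in a workflow file, together with the credentials such a job would expose (a write-scoped `GITHUB_TOKEN`, `id-token: write` for OIDC, and `actions/cache` entries written from a job that ran untrusted code). Both sample workflows are constructed for illustration and the finding codes are this example's own naming.

```python
"""Heuristic audit of a GitHub Actions workflow for the 'Pwn Request' shape
(pull_request_target + checkout of the PR head + running its build) and for
credentials that such a job would expose.  Regex scan of the file text, not a
YAML parser; good enough for a repository-wide first pass."""
from __future__ import annotations

import re

# Constructed sample: a preview-build workflow with the risky shape.
RISKY_WORKFLOW = """\
name: pr-preview
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
  id-token: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps-${{ hashFiles('pnpm-lock.yaml') }}
      - run: pnpm install
      - run: pnpm build
"""

# Constructed sample: same job on the plain pull_request trigger, which runs
# fork PRs with a read-only token and no access to repository secrets.
HARDENED_WORKFLOW = """\
name: pr-preview
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pnpm install --frozen-lockfile
      - run: pnpm build
"""

# Checkout of the PR head inside a privileged job (the core of a pwn request).
PR_HEAD_CHECKOUT = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")
# Package-manager steps run lifecycle and build scripts from the checked-out tree.
PACKAGE_MANAGER_STEP = re.compile(
    r"run:\s*.*\b(npm|pnpm|yarn)\s+(install|ci|i|run|build)\b")


def audit_workflow(text: str) -> list[str]:
    """Return human-readable findings, each prefixed with a short code."""
    findings: list[str] = []
    if re.search(r"\bpull_request_target\b", text) is None:
        return findings  # nothing below applies to the unprivileged pull_request trigger

    checks_out_pr_head = PR_HEAD_CHECKOUT.search(text) is not None
    runs_package_manager = PACKAGE_MANAGER_STEP.search(text) is not None
    uses_cache = re.search(r"uses:\s*actions/cache@", text) is not None

    if checks_out_pr_head:
        findings.append("PWN_REQUEST: pull_request_target job checks out the PR head")
        if runs_package_manager:
            findings.append("UNTRUSTED_CODE_EXECUTION: package-manager step runs "
                            "PR-controlled lifecycle/build scripts with repo secrets")
        if uses_cache:
            findings.append("CACHE_POISONING: actions/cache writes entries from a job "
                            "that ran PR-controlled code; later base-branch runs read them")
    if re.search(r"id-token:\s*write", text):
        findings.append("OIDC_EXPOSED: id-token: write granted in a pull_request_target job")
    if re.search(r"(contents|packages|actions):\s*write|permissions:\s*write-all", text):
        findings.append("WRITE_TOKEN_EXPOSED: write-scoped GITHUB_TOKEN in a pull_request_target job")
    return findings


def finding_codes(text: str) -> set[str]:
    """Just the codes, convenient for gating a CI policy check."""
    return {f.split(":", 1)[0] for f in audit_workflow(text)}


if __name__ == "__main__":
    for label, wf in (("risky", RISKY_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"[{label}]")
        for finding in audit_workflow(wf) or ["no findings"]:
            print("  -", finding)
```

The hardened variant changes the trigger to `pull_request` and drops the PR-head `ref`, so fork contributions build without secrets, without a write token and without an OIDC token to extract; where a privileged job genuinely must react to a PR, the usual advice is to split it into an unprivileged build that uploads an artifact and a separate privileged job that consumes only that artifact.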

Article by CyberSIXT