ON 11 May 2026, StepSecurity’s OSS Package Security feed flagged the latest releases of several @tanstack/* packages on npm as malicious, describing a coordinated supply-chain attack that poisoned multiple TanStack Router packages with an install-time credential stealer.
At least five packages in the TanStack Router family appear to have been compromised, across six published versions: @tanstack/router-generator@1.166.45 and @tanstack/router-generator@1.166.48, @tanstack/router-core@1.169.8, @tanstack/router-utils@1.161.14, @tanstack/virtual-file-routes@1.161.13, and @tanstack/react-router@1.169.8.
Each compromised tarball carries a doctored package.json and an undeclared, heavily obfuscated router_init.js of around 2.3 MB at the package root. The package.json adds an optionalDependencies entry that pulls a payload from a ghost commit on a fork of TanStack/router: because GitHub serves commits from any repository in a fork network under the parent repository's URL, the commit resolves through the TanStack/router URL even though it was never pushed to that repository. The payload is designed to run via bun and then exit with code 1. npm treats a failed install of an optional dependency (including a failing lifecycle script) as a warning rather than an error, so the overall install appears to succeed and the failure is easy to miss.
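The following is an added example, not code from StepSecurity's post or from the TanStack project. It audits an npm package-lock.json (lockfileVersion 2 or 3, "packages" map) for the known-malicious versions and for dependencies resolved outside the registry, and checks a package.json plus its tarball file list for the two on-disk indicators above: a non-registry optionalDependencies spec and a large undeclared script at the package root. The sample lockfile, package.json, file list, the placeholder dependency name "router-payload-placeholder" and the all-zero commit SHA are constructed for the example.

```javascript
// Known-malicious name@version pairs from the advisory above.
const AFFECTED_VERSIONS = new Set([
  "@tanstack/router-generator@1.166.45",
  "@tanstack/router-generator@1.166.48",
  "@tanstack/router-core@1.169.8",
  "@tanstack/router-utils@1.161.14",
  "@tanstack/virtual-file-routes@1.161.13",
  "@tanstack/react-router@1.169.8",
]);

const REGISTRY = "https://registry.npmjs.org/";

// Package name from a lockfile path such as
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// Walk every installed package recorded in the lockfile.
function auditLockfile(lock) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // "" is the root project itself
    const name = meta.name || nameFromLockPath(lockPath);
    const key = `${name}@${meta.version}`;
    if (AFFECTED_VERSIONS.has(key)) {
      findings.push({ path: lockPath, key, reason: "known-malicious version" });
    }
    // A dependency resolved from git/GitHub instead of the registry is how the
    // ghost-commit payload is pulled in; marking it optional hides its failure.
    if (meta.resolved && !meta.resolved.startsWith(REGISTRY)) {
      findings.push({
        path: lockPath,
        key,
        reason: `${meta.optional ? "optional " : ""}dependency resolved outside the registry: ${meta.resolved}`,
      });
    }
  }
  return findings;
}

// optionalDependencies whose spec is a git/GitHub/URL/file spec rather than a
// registry semver range.
function suspiciousOptionalDeps(pkg) {
  const nonRegistry = /^(git\+|github:|git:|https?:|ssh:|file:)|^[\w.-]+\/[\w.-]+(#[\w.-]+)?$/i;
  return Object.entries(pkg.optionalDependencies || {})
    .filter(([, spec]) => nonRegistry.test(spec))
    .map(([dep, spec]) => ({ dep, spec }));
}

// Heuristic for the undeclared router_init.js: a .js file at the tarball root,
// not the declared "main" and not listed in "files", above a size threshold.
function undeclaredRootScripts(pkg, files, minBytes = 1000000) {
  const declared = new Set(
    [pkg.main, ...(pkg.files || [])].filter(Boolean).map((f) => f.replace(/^\.\//, ""))
  );
  return files
    .filter((f) => !f.path.includes("/") && f.path.endsWith(".js"))
    .filter((f) => !declared.has(f.path) && f.size >= minBytes)
    .map((f) => f.path);
}

// Constructed sample inputs (not real lockfile or tarball contents).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/@tanstack/router-generator": {
      version: "1.166.45",
      resolved: "https://registry.npmjs.org/@tanstack/router-generator/-/router-generator-1.166.45.tgz",
    },
    "node_modules/router-payload-placeholder": {
      version: "0.0.1",
      resolved: "git+ssh://git@github.com/TanStack/router.git#0000000000000000000000000000000000000000",
      optional: true,
    },
    "node_modules/some-dep/node_modules/@tanstack/router-generator": {
      version: "1.166.42", // last known clean release per the advisory
      resolved: "https://registry.npmjs.org/@tanstack/router-generator/-/router-generator-1.166.42.tgz",
    },
  },
};

const SAMPLE_PKG = {
  name: "@tanstack/router-generator",
  version: "1.166.45",
  main: "dist/index.js",
  files: ["dist"],
  optionalDependencies: {
    "router-payload-placeholder": "github:TanStack/router#0000000000000000000000000000000000000000",
    fsevents: "^2.3.2", // ordinary registry optional dependency, should not be flagged
  },
};

const SAMPLE_FILES = [
  { path: "package.json", size: 900 },
  { path: "dist/index.js", size: 40000 },
  { path: "router_init.js", size: 2300000 },
];

console.log(auditLockfile(SAMPLE_LOCK));
console.log(suspiciousOptionalDeps(SAMPLE_PKG));
console.log(undeclaredRootScripts(SAMPLE_PKG, SAMPLE_FILES));
```

On a real project, read package-lock.json with `fs.readFileSync` and feed `JSON.parse` of it to `auditLockfile`; `npm pack --dry-run --json` gives a tarball file list with sizes for `undeclaredRootScripts`. The registry check is deliberately broad: any lockfile entry resolved from git or an arbitrary URL deserves a look, whether or not it is related to this incident.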
Plaintext indicators inside the obfuscated payload point to theft of AWS instance credentials, Vault tokens, GitHub tokens and npm tokens, exfiltrated over a Session messenger file relay, with the behavioural signature matching the Shai-Hulud-style npm worm family. The last known clean release of @tanstack/router-generator is 1.166.42, published on 6 May 2026; the post gives no last-clean version for the other packages. It notes the incident remains developing, with a full technical write-up to follow.
Users are urged to stop installing the affected versions, pin or downgrade to the last clean versions, audit recent installs, rotate any AWS, Vault, GitHub and npm secrets that were present on hosts that ran an affected install, hunt for outbound connections to filev2.getsession[.]org and to the AWS metadata endpoints 169.254.169[.]254 (EC2 instance metadata) and 169.254.170[.]2 (ECS task metadata), and follow the OSS Package Security feed for updates. Metadata traffic from cloud agents on EC2 or ECS hosts is normal; what stands out is a package-manager, node or bun process making it, or any such traffic from a developer machine or CI runner that is not in AWS.
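As an added example of the hunt above (not code from the StepSecurity post), the following classifies egress telemetry against the network indicators and applies the caveat that metadata access is only suspicious in context. The JSON-lines schema (ts, host, process, dest_host, dest_ip, dest_port), the sample events and the destination IPs for the relay and the registry are constructed for the example.

```javascript
const SESSION_RELAY = "filev2.getsession.org";
// EC2 instance metadata (IMDS) and ECS task metadata endpoints.
const AWS_METADATA_IPS = new Set(["169.254.169.254", "169.254.170.2"]);
// Processes that run during an npm install and have no reason to read
// cloud metadata credentials.
const INSTALL_TIME_PROCS = new Set(["node", "bun", "npm", "npx", "pnpm", "yarn"]);

// Returns a verdict string for one event, or null when nothing matches.
function classifyEvent(ev) {
  if (ev.dest_host === SESSION_RELAY) {
    return "high: connection to Session file relay (exfiltration channel)";
  }
  if (AWS_METADATA_IPS.has(ev.dest_ip)) {
    return INSTALL_TIME_PROCS.has(ev.process)
      ? `high: package-manager process ${ev.process} reading cloud metadata credentials`
      : `info: metadata access by ${ev.process} (normal for cloud agents; review if unexpected)`;
  }
  return null;
}

// Scan a JSON-lines string; malformed lines are skipped rather than fatal so a
// partially corrupted log still yields the hits that are present.
function huntIocs(jsonl) {
  const hits = [];
  for (const line of jsonl.split("\n")) {
    if (!line.trim()) continue;
    let ev;
    try {
      ev = JSON.parse(line);
    } catch (e) {
      continue;
    }
    const verdict = classifyEvent(ev);
    if (verdict) hits.push({ ts: ev.ts, host: ev.host, process: ev.process, verdict });
  }
  return hits;
}

// Constructed sample telemetry (not real captures).
const SAMPLE_TELEMETRY = [
  '{"ts":"2026-05-11T09:14:02Z","host":"ci-runner-7","process":"bun","dest_host":"","dest_ip":"169.254.169.254","dest_port":80}',
  '{"ts":"2026-05-11T09:14:03Z","host":"ci-runner-7","process":"bun","dest_host":"filev2.getsession.org","dest_ip":"203.0.113.10","dest_port":443}',
  '{"ts":"2026-05-11T09:15:00Z","host":"web-3","process":"amazon-ssm-agent","dest_host":"","dest_ip":"169.254.169.254","dest_port":80}',
  '{"ts":"2026-05-11T09:15:30Z","host":"dev-laptop","process":"node","dest_host":"registry.npmjs.org","dest_ip":"198.51.100.5","dest_port":443}',
  "this line is not json",
].join("\n");

console.log(huntIocs(SAMPLE_TELEMETRY));
```

The two "high" hits on ci-runner-7 together describe the attack chain in the advisory: bun reads instance credentials from the metadata service, then opens a connection to the Session relay. The amazon-ssm-agent hit is reported at "info" only, because an agent on an EC2 host is expected to talk to the metadata service; the registry download by node is not reported at all.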