Node JS
fromTanstack
2 days agoPostmortem: TanStack npm supply-chain compromise | TanStack Blog
Malicious TanStack npm package versions used GitHub Actions cache poisoning and OIDC token extraction to run credential-harvesting scripts and exfiltrate data.