Malware5 min read
TanStack npm Packages Backdoored in 6-Minute Supply Chain Blitz
TeamPCP compromised 84 versions across 42 TanStack packages on May 11 using GitHub Actions cache poisoning. The malware steals CI/CD credentials and includes a wiper that triggers on token revocation.
James RiveraMay 12, 2026