Fake TanStack npm Package Steals Developer Credentials via Postinstall Script

Security researchers uncovered a supply chain attack where a fake TanStack npm package used automated postinstall scripts to harvest environment files containing API keys, tokens, and credentials.

CSBadmin

Supply Chain Attack via Unscoped Package Name

On April 29, 2026, security researchers at Aikido discovered a malicious npm package impersonating the popular TanStack project. The attacker registered the unscoped “tanstack” name and created a package called “TanStackPlayer” that appeared to be a legitimate video player SDK. The package included polished documentation with sponsorship badges, download counters, and feature comparison tables to deceive developers during casual review.

The malicious campaign lasted only 27 minutes, between 17:08 and 17:35 UTC. During this window, the attacker pushed four versions (2.0.4 through 2.0.7) to npm in rapid succession. The package had accumulated approximately 19,830 downloads before the attack began, providing a substantial pool of potential victims.

How the Postinstall Script Worked

Each malicious version contained a postinstall hook that executed automatically when developers ran “npm install tanstack” instead of “@tanstack/query”. The attacker actively refined the payload in real time across all four versions. Version 2.0.4 targeted “.env” and “.env.local” files directly. Version 2.0.5 switched to README.md and AGENTS.md, likely as a test. Version 2.0.6 became the most dangerous iteration, implementing a “collectEnvFiles()” function that swept the directory for all files starting with “.env” and suppressed console output entirely. Version 2.0.7 reverted to specific targets but added a self-referential dependency on version 2.0.6.

Exfiltrated data was routed through Svix, a legitimate webhooks-as-a-service platform, to an attacker-controlled endpoint. This technique bypassed standard network monitoring by using a trusted third-party relay. The stolen payload included file contents along with system metadata such as Node.js version, platform, and architecture.

Impact and Mitigation

The compromised files typically contain AWS access keys, GitHub personal access tokens, npm publish tokens, database connection strings, API keys for services like Stripe and OpenAI, and OAuth client secrets. Any of these credentials can lead to full account takeover, data breaches, or unauthorized cloud resource consumption. No existing CVEs are directly associated with this attack, though it demonstrates the ongoing risk of supply chain attacks on npm.

Developers should check their lock files for the unscoped package at versions 2.0.4 through 2.0.7 using: grep -r "tanstack" package-lock.json yarn.lock pnpm-lock.yaml. Affected developers must rotate all credentials that were present in the project directory at install time, audit CloudTrail for unauthorized API calls, and revoke GitHub and npm tokens immediately. Organizations should also monitor outbound HTTPS traffic to "api.svix.com" and review CI pipeline logs for unusual install steps.
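A more structured version of that lock-file check, added here as an example that is not code from the article, from Aikido, or from the TanStack project. It assumes an npm package-lock.json of lockfileVersion 2 or 3 (which carry a "packages" map) and uses npm's hasInstallScript field to surface every dependency that runs an install hook, since a postinstall script was the vector; the sample lockfile is constructed.

```javascript
// Added example (not from the article, Aikido or TanStack): scan a parsed
// package-lock.json (lockfileVersion 2/3) for the unscoped "tanstack" package
// and list every dependency npm marked as carrying an install script.
const MALICIOUS_VERSIONS = new Set(['2.0.4', '2.0.5', '2.0.6', '2.0.7']);

// Package name from a lockfile path such as "node_modules/a/node_modules/@s/b".
function packageName(lockPath) {
  return lockPath.split('node_modules/').pop();
}

// Findings for the unscoped "tanstack" name. Legitimate TanStack packages live
// under the "@tanstack/" scope, so any unscoped hit deserves a manual look.
function findSuspectTanstack(lock) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === '' || packageName(lockPath) !== 'tanstack') continue;
    const version = meta.version || 'unknown';
    findings.push({ path: lockPath, version, malicious: MALICIOUS_VERSIONS.has(version) });
  }
  return findings;
}

// Every dependency npm recorded with "hasInstallScript": true (set when a
// package declares preinstall/install/postinstall). Worth reviewing in CI.
function listInstallScriptPackages(lock) {
  return Object.entries(lock.packages || {})
    .filter(([lockPath, meta]) => lockPath !== '' && meta.hasInstallScript === true)
    .map(([lockPath, meta]) => `${packageName(lockPath)}@${meta.version}`);
}

// Constructed sample lockfile: the real @tanstack scope next to the unscoped
// impostor at 2.0.7, which pulls in 2.0.6 via its self-referential dependency.
const SAMPLE_LOCK = JSON.stringify({
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { '@tanstack/query-core': '^5.0.0', tanstack: '^2.0.0' } },
    'node_modules/@tanstack/query-core': { version: '5.0.0' },
    'node_modules/tanstack': { version: '2.0.7', hasInstallScript: true, dependencies: { tanstack: '2.0.6' } },
    'node_modules/tanstack/node_modules/tanstack': { version: '2.0.6', hasInstallScript: true },
  },
});

// Parse lockfile text and report both checks.
function scanLockfile(jsonText) {
  const lock = JSON.parse(jsonText);
  return { tanstack: findSuspectTanstack(lock), installScripts: listInstallScriptPackages(lock) };
}

console.log(JSON.stringify(scanLockfile(SAMPLE_LOCK), null, 2));
```

Run it against a real lockfile with `scanLockfile(fs.readFileSync('package-lock.json', 'utf8'))`; yarn.lock and pnpm-lock.yaml are not JSON and still need the grep from the paragraph above.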

Source: Cybersecuritynews
