IT之家5 月 12 日消息，网络安全检测机构 Socket 于当地时间 5 月 11 日发出警报，在开源工具库 TanStack 旗下约 84 个 NPM 软件包的恶意版本中发现疑似凭证窃取恶意代码。 受影响软件包覆盖 42 个 @tanstack/* 命名空间下的项目，其中 @tanstack / react-router 的周下载量超 1200 万次，此类工具包在 NPM 生态中被广泛直接或 ...

The TanStack team has released version 1.0.0 of TanStack Form, an open-source library for the state management of forms in web applications. Among other things, it is intended to stand out through ...

The TanStack Router is an alternative to the React Router, the de facto standard for routing in React applications. The TanStack team released the first stable version in December 2023. The router ...

Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password, but ...

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...

OpenAI has admitted that two employee devices were compromised through malicious versions of TanStack npm packages. The company is insisting that no evidence that user data, production systems, or ...