TanStack NPM Packages Compromised
Hacker News Best2056 字 (约 9 分钟)
95
Several latest versions of TanStack's npm packages were found to contain malware, likely due to stolen developer credentials; users are advised to audit dependencies and revoke tokens immediately.
入选理由:受感染的包包括 @tanstack/react-router 和其他子项目,发布时间集中在 2026 年 5 月 11 日。
FeaturedArticle#npm#security vulnerability#TanStack#supply chain attack#frontend英文