malware
npm
@tanstack/react-start-client
discovered 2026-05-12@tanstack/react-start-client is identified in the SafeDep analysis "Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.
Threat types
credential_stealer
Malicious versions
- 1.166.51
- 1.166.54
Campaigns
Indicators
- domain git-tanstack.comcommunicates-with
- domain filev2.getsession.orgcommunicates-with
- domain 169.254.169.254communicates-with
- ipv4 169.254.169.254communicates-with
- sha256 ce7e4199506959fd7a71b64209b2c07b9c82e53a946aa7d78298dc9249230d01indicates
- sha1 79ac49eedf774dd4b0cfa308722bc463cfe5885cindicates
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
- ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
- ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
- ttp T1041 Exfiltration Over C2 Channeluses
- ttp T1539 Steal Web Session Cookieuses