Warning: Large-Scale Supply Chain Attack on TanStack!

📰 News Overview

• On May 11, 2026, 42 packages (a total of 84 versions) under @tanstack were found to be compromised with malicious code and published illegally.
• The attackers exploited the pull_request_target feature of GitHub Actions, successfully executing a combination of cache pollution and memory extraction of OIDC tokens.
• The injected script was designed to steal credentials from AWS, GCP, GitHub, SSH, and send them externally through a Session messenger network.

💡 Key Points

• Exploitation of the “Pwn Request” Pattern: The core issue lies in breaching the trust boundary of workflows that automatically execute on pull requests (Forks) from external sources.
• Cache Pollution: The attackers succeeded in storing a malicious binary in the cache on GitHub Actions, which was then pulled into the legitimate release process.
• Self-Replicating Malware: The malware had the ability to enumerate other packages managed by infected users and attempt to redistribute similar code, showcasing its self-replicating capabilities.

🦈 Shark’s Eye (Curator’s Perspective)

I’m in shock that such a vivid supply chain attack occurred in 2026! What’s particularly noteworthy is that they didn’t directly steal npm tokens but extracted OIDC tokens from the GitHub Actions runner’s memory. This indicates a lower-level (closer to the infrastructure) attack that traditional secret management cannot prevent.

Moreover, the attackers cleverly used a fake identity, “claude,” for commits and employed hard-to-detect decentralized networks like Session/Oxen for communication. This highlights the importance of network restrictions, as existing IP blocks don’t offer protection against such tactics!

🚀 What’s Next?

Expect stricter management of cache scopes in CI/CD pipelines moving forward. Especially workflows utilizing pull_request_target are likely to be treated as “virtually forbidden” under the 2026 security standards.

💬 A Word from Haru-Same

Even I, your shark reporter Haru-Same, am shaken by the cleverness of this attack! If you installed any packages on that day, rotate all your keys right away! It’s a golden rule for protecting your life (data)! 🦈🔥

📚 Terminology

• Pwn Request: An attack method that abuses the pull_request_target event in GitHub Actions to execute workflows with high permissions illegally from external sources.

• OIDC Token: A temporary authentication credential utilizing OpenID Connect. In this case, the mechanism was misused to temporarily borrow permissions for accessing the cloud from GitHub Actions.

• Cache Pollution: A technique where attackers mix fake data into “temporary storage data (cache)” to speed up development, causing it to be executed in subsequent processes.

• Source: Postmortem: TanStack NPM supply-chain compromise