TanStack npm Packages Hit by Mini Shai-Hulud
Blog post from Snyk
On May 11, 2026, a supply chain attack hit the TanStack npm packages: 84 malicious package artifacts were published across 42 packages in the @tanstack namespace. The incident, attributed to the threat group TeamPCP, marked the first time a malicious npm package carried valid SLSA provenance, a cryptographically signed attestation meant to verify the package's trusted source. The attackers hijacked TanStack's release pipeline, so attacker-controlled code published the malicious packages under a trusted identity. The packages spread quickly and affected numerous organizations, including Mistral AI and UiPath; @tanstack/react-router alone receives over 12.7 million weekly downloads.

The attack was part of a broader series of npm supply chain attacks using the Shai-Hulud worm toolchain. The worm exploited vulnerabilities in GitHub Actions, such as OIDC token extraction and cache poisoning, to publish malicious versions with valid attestations. Its persistence mechanisms included hooks in developer tooling directories and a dead-man's switch in a system-level script, which highlights how sophisticated the campaign was.
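The incident turns on the fact that valid provenance only proves a package came out of the named pipeline; if the pipeline itself is hijacked, the attestation is still valid. The workflow below is an added illustrative example, not TanStack's or Snyk's configuration, showing how a maintainer can lay out a release pipeline so the job that holds the npm OIDC identity does as little as possible. The repository layout, the `npm-release` environment name, the Node version and the `<pinned-commit-sha>` placeholders are assumptions; pin each action to a real commit SHA from the action's repository.

```yaml
# Added illustrative example (not TanStack's or Snyk's workflow).
# Assumptions: a single-package repo, an "npm-release" environment with
# required reviewers, and actions pinned to commit SHAs (placeholders here).
name: release
on:
  push:
    tags: ['v*']

# Start from no token privileges at all; each job opts in explicitly.
permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # read-only GITHUB_TOKEN, no id-token here
    steps:
      - uses: actions/checkout@<pinned-commit-sha>   # pin by SHA, not by tag
      - uses: actions/setup-node@<pinned-commit-sha>
        with:
          node-version: 22
          # No "cache:" input on purpose: restoring a cache into the release
          # build is the kind of path a poisoned cache entry can ride in on.
      - run: npm ci --ignore-scripts      # no lifecycle scripts during install
      - run: npm run build --if-present
      - run: npm pack                     # produce the tarball that will ship
      - uses: actions/upload-artifact@<pinned-commit-sha>
        with:
          name: tarball
          path: '*.tgz'

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: npm-release   # deployment protection rules gate this job
    permissions:
      contents: read
      id-token: write          # the only job allowed to mint an OIDC token
    steps:
      # Publish the prebuilt tarball only: no checkout, no dependency install,
      # no cache restore and no third-party build step runs while the
      # publishing identity is in scope.
      - uses: actions/download-artifact@<pinned-commit-sha>
        with:
          name: tarball
      - uses: actions/setup-node@<pinned-commit-sha>
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      - run: npm publish ./*.tgz --provenance --access public
```

The design choice is to separate the job that runs untrusted inputs (checkout, dependency install, build, cache) from the job that can publish, so that OIDC token extraction or cache poisoning in the build stage does not by itself yield a publish under the trusted identity. On the consuming side, the same lesson applies in reverse: treat provenance as evidence of which pipeline built a package, not as proof the package is benign, and pair it with review of unexpected releases and of changes to release workflows.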