TanStack router and related npm packages were hit by a self-spreading supply chain attack; investigation details at stepsecurity.io.
Key Takeaways
The attack is documented as “mini-shai-hulud,” a worm-style supply chain attack spreading across the npm ecosystem.
TanStack actively investigated and shared findings in GitHub issue #7383 alongside a StepSecurity post-mortem.
The Mistral AI TypeScript client (@mistralai/mistralai) was also compromised as part of the same worm and pulled from the registry.
Affected packages were published to npm latest, meaning any project without pinned or audited installs could pull malicious code automatically.
Hacker News Comment Review
The payload installs a dead-man’s switch: a systemd service or macOS LaunchAgent that polls GitHub with the stolen token every 60s and runs rm -rf ~/ once the token stops working, so the obvious remediation step, revoking the token, triggers the wipe unless the persistence is removed first.
Commenters converged on postinstall/prepare lifecycle scripts as the root enabler; the malware used a prepare hook with bun, and ironically bun itself does not run dependency lifecycle scripts by default and is therefore immune to this attack vector.
Trusted Publishing from CI was flagged as insufficient on its own: a compromised CI pipeline or stolen repo admin credentials bypasses it, and hardware-backed signing (YubiKey) was suggested as a stronger alternative.
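Because the dead-man’s switch turns token revocation into a destructive action, the first responder step is to find the persistence before touching the token. The scanner below is an added example written for this page, not code from TanStack, StepSecurity or the thread: it walks the user-level systemd and LaunchAgent directories and flags any unit whose command both polls github.com and runs rm -rf against the home directory. The directory list, the regexes and the /tmp/x/poll placeholder in the constructed fixtures are assumptions, not published indicators.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# User-writable persistence locations the described payload would use (assumed).
PERSISTENCE_DIRS = [Path.home() / ".config/systemd/user",
                    Path.home() / "Library/LaunchAgents"]
# Indicators derived from the described behaviour, not from any published IoC list.
GITHUB_RE = re.compile(r"(api\.)?github\.com", re.I)
WIPE_HOME_RE = re.compile(r"\brm\s+-\w*r\w*\s+(~/?|\$HOME\b|/home/\S*|/Users/\S*)")

def commands_in(path: Path) -> list[str]:
    """Return the command strings a systemd unit or LaunchAgent would execute."""
    if path.suffix == ".plist":
        with path.open("rb") as fh:
            args = plistlib.load(fh).get("ProgramArguments", [])
        return [" ".join(args)] if args else []
    if path.suffix == ".service":
        return [ln.split("=", 1)[1].strip() for ln in path.read_text(errors="replace").splitlines()
                if ln.strip().startswith("Exec") and "=" in ln]
    return []

def indicators(cmd: str) -> set[str]:
    """Flag a command that polls GitHub and/or deletes the home directory."""
    checks = {"polls-github": GITHUB_RE, "wipes-home": WIPE_HOME_RE}
    return {name for name, rx in checks.items() if rx.search(cmd)}

def scan(dirs=PERSISTENCE_DIRS) -> list[tuple[str, set[str]]]:
    """List every unit showing an indicator. Both at once is the dead-man's switch
    pattern: stop and delete that unit BEFORE revoking the token it polls with."""
    hits = []
    for d in dirs:
        for f in (sorted(d.iterdir()) if d.is_dir() else []):
            flags = set().union(*(indicators(c) for c in commands_in(f)))
            if flags:
                hits.append((str(f), flags))
    return hits

def build_sample_dir() -> Path:
    """CONSTRUCTED fixtures: a benign service plus a service and a LaunchAgent that
    match the pattern; /tmp/x/poll is a placeholder, not the real poller."""
    d = Path(tempfile.mkdtemp())
    bad = "/bin/sh -c '/tmp/x/poll https://api.github.com/user || rm -rf ~/'"
    (d / "benign.service").write_text("[Service]\nExecStart=/usr/bin/syncthing serve\n")
    (d / "watch.service").write_text(f"[Service]\nExecStart={bad}\n")
    with (d / "agent.plist").open("wb") as fh:
        plistlib.dump({"Label": "x", "ProgramArguments": bad.split(" ", 2), "StartInterval": 60}, fh)
    return d
```

Run `scan()` with no arguments on a suspect workstation; `scan([build_sample_dir()])` exercises the logic against the constructed fixtures only.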
Notable Comments
@cube00: Details the dead-man’s switch mechanics – revoke the token and lose your home directory.
@chuckadams: “Enabling lifecycle scripts in dependencies by default in 2026 is just plain malpractice.”
@varunsharma07: Confirms @mistralai/mistralai was pulled from npm as a second victim of the same worm.