malware npm

@tanstack/vue-start

discovered 2026-05-12

@tanstack/vue-start is identified in the SafeDep analysis "Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.

more…

Threat types

credential_stealer

Malicious versions

1.167.61
1.167.64

Campaigns

Mini Shai-Huludattributed-to

Indicators

domain git-tanstack.comcommunicates-with
domain filev2.getsession.orgcommunicates-with
domain 169.254.169.254communicates-with
ipv4 169.254.169.254communicates-with
sha256 ce7e4199506959fd7a71b64209b2c07b9c82e53a946aa7d78298dc9249230d01indicates
sha1 79ac49eedf774dd4b0cfa308722bc463cfe5885cindicates

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
ttp T1041 Exfiltration Over C2 Channeluses
ttp T1539 Steal Web Session Cookieuses

Read the full analysis →