In the world of JavaScript development, TanStack (Query, Table, Router) is a gold standard. A malicious actor weaponized that trust by "brand-squatting" the unscoped name tanstack on the npm registry. The official libraries are published under the @tanstack/* scope; the look-alike package sat on the registry for over a month before it was turned into an active credential stealer.
On April 29, 2026, the package maintainer (username: sh20raj) released four malicious versions (2.0.4–2.0.7) in a 27-minute blitz. These versions were specifically designed to exfiltrate .env files from developer machines the moment npm install was executed.
The Anatomy of the Attack: The postinstall Trap
The attack relies on npm lifecycle scripts. If a dependency's package.json declares a `preinstall`, `install` or `postinstall` script, npm runs that command automatically, with the installing user's privileges, on every machine that runs `npm install`, developer laptops and CI runners alike. The feature is common (native modules are built this way) and dangerous for exactly that reason: installing a package is executing its code.
How the Exfiltration Worked:
- The Trigger: As soon as a developer runs `npm install tanstack`, the package's `postinstall` hook executes a script named `setup.js` (or similar).
- The Search: A function disguised as `sendReadme()` (to mimic routine telemetry) scans the project root for files matching `.env`, `.env.local`, or `.env.production`.
- The Payload: The script packages these files, which often contain database passwords, Stripe keys, and AWS tokens, into a JSON object.
- The Drop-Off: The data is sent via an HTTPS POST request to a webhook hosted on Svix, a legitimate third-party service, so the traffic looks like normal API communication.
Extortion and Legal Battles
This isn’t just a random malware strike; it’s a targeted campaign with a history of bad faith. Tanner Linsley, the creator of TanStack, confirmed that the maintainer of the fake package is in no way affiliated with the project.
Linsley revealed a disturbing backstory:
- Extortion: The maintainer previously demanded $10,000 to hand over the unscoped name.
- Failed Takedowns: Despite repeated reports to npm and a pending trademark infringement claim, the package stayed live until Socket.dev's AI-powered monitoring detected the exfiltration in the new versions.
Impact: What Was Stolen?
If you installed versions 2.0.4 through 2.0.7, you must assume that every secret in your project’s environment files has been compromised. The attacker used a specific Svix Source ID (src_3387PLMB2uhXOBe3Q8sHu) as a one-way drop box, meaning only the attacker can see the stolen data.
Targeted Data:
- API Keys: OpenAI, AWS, GitHub, Stripe.
- Database Credentials: Connection strings for production databases.
- Auth Tokens: JWT secrets and OAuth client IDs.
Remediation: 4 Steps to Secure Your Project
If you find the unscoped tanstack package in your package.json or lockfiles, take immediate action:
- Uninstall and Purge: Remove the package (`npm uninstall tanstack`) and clear the npm cache (`npm cache clean --force`) so the tarball cannot be reinstalled from a cached copy.
- Rotate ALL Secrets: Treat every key in your `.env` files as public. Replace database passwords, rotate API keys, and invalidate existing sessions.
- Audit Lockfiles: Scan `package-lock.json` or `yarn.lock` for the string `tanstack` without a leading `@`, that is, an entry for `node_modules/tanstack` rather than `node_modules/@tanstack/...`. A plain grep for `tanstack` also matches the legitimate scoped packages, so match the package name exactly.
- Registry Deny List: Add `tanstack` to your organization's blocklist to prevent accidental installs in the future, and always use the official `@tanstack/*` scoped packages. Where your build allows it, set `ignore-scripts=true` in `.npmrc` so install hooks do not run by default; this would have stopped this particular payload at install time, though it does not protect against malicious code that runs when the package is imported.
Conclusion: Trust, but Verify Scopes
The “tanstack” incident is a stark reminder that name-squatting remains one of the most effective ways to breach modern dev environments. By mirroring the name of a popular library, attackers bypass the “mental firewall” of busy developers. In 2026, verifying the scoped name of a package is no longer a best practice—it is a survival skill.