gbhackers.com · May 4, 2026 11:44 AM UTC

Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets

Summary

A malicious npm package named “tanstack” has been discovered deploying a stealthy data exfiltration campaign, targeting developers through a deceptive nam...

Original reporting

Open original source

Related coverage

Read full article on gbhackers.com