@tanstack/react-start-client
@tanstack/react-start-client is identified in the SafeDep analysis "Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.
discovered 2026-05-12
Threat types
credential_stealer
Malicious versions
- 1.166.51
- 1.166.54
