npm

@tanstack/router-devtools

@tanstack/router-devtools is identified in the SafeDep analysis "Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.

discovered 2026-05-12

Threat types

credential_stealer

Malicious versions

1.166.16
1.166.19

Campaigns

Mini Shai-Huludattributed-to

Indicators

domaingit-tanstack.comcommunicates-with
domainfilev2.getsession.orgcommunicates-with
domain169.254.169.254communicates-with
ipv4169.254.169.254communicates-with
sha256ce7e4199506959fd7a71b64209b2c07b9c82e53a946aa7d78298dc9249230d01indicates
sha179ac49eedf774dd4b0cfa308722bc463cfe5885cindicates

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
ttpT1041 Exfiltration Over C2 Channeluses
ttpT1539 Steal Web Session Cookieuses

Read the full analysis →