Multiple TanStack npm packages were compromised in an active supply chain attack dubbed Mini Shai-Hulud, spreading via hijacked CI/CD pipelines.
Key Takeaways
The Mini Shai-Hulud worm hijacks CI/CD pipelines and steals developer secrets to republish malicious versions of legitimate npm packages.
StepSecurity’s OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking ecosystem spread in real time.
The compromised releases were live for roughly 1-2 hours; react-query was not affected but several other well-known TanStack packages were.
Incident details and IOCs are being published live at stepsecurity.io/blog/mini-shai-hulud-is-back.
Hacker News Comment Review
The malware installs a dead-man’s switch: a systemd user service (Linux) or LaunchAgent (macOS) that polls GitHub’s API every 60 seconds with the stolen token and runs rm -rf ~/ once that token stops working. Revoking the stolen token, normally the first remediation step, is exactly what triggers the wipe, so the persistence has to be found and removed before any credential is revoked.
Commenters debated Trusted Publishing: moving from a local, 2FA-gated publish to CI-based publishing trades one attack surface for another, since a compromised CI pipeline or stolen repository admin credentials are then enough to trigger a publish.
A quirk of GitHub’s shared object storage helps the payload pass as legitimate: a commit pushed to a fork is reachable under the upstream repository’s own URL (github.com/<owner>/<repo>/commit/<sha>), so the URL gives no hint that the code never landed upstream. Once a trojanised package is installed, npm and yarn run its postinstall script automatically; pnpm 10+ does not run dependency lifecycle scripts unless they are explicitly allowlisted.
Notable Comments
@cube00: Details the dead-man’s switch payload at ~/.local/bin/gh-token-monitor.sh – revoke the stolen token and your home directory gets wiped.
@chrisweekly: “A malicious fork’s commits are reachable via GitHub’s shared object storage at a URI indistinguishable from the legit repo. That is absolutely bonkers.”