AIToday

Shai-Hulud npm worm targets TanStack packages by exploiting GitHub Actions; steals credentials and self-propagates to maintainers' other packages

Hacker NewsMay 12, 20263 min read
Shai-Hulud npm worm targets TanStack packages by exploiting GitHub Actions; steals credentials and self-propagates to maintainers' other packages

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. On 2026-05-11 between 19:20 and 19:26 UTC, an attacker published 84 malicious versions across 42 @tanstack/* npm packages using a pull_request_target pattern combined with GitHub Actions cache poisoning and runtime extraction of an OIDC token from the GitHub Actions runner process. The malicious versions were detected publicly within 20 minutes and have since been deprecated.

  2. The payload harvests credentials from AWS IMDS / Secrets Manager, GCP metadata, Kubernetes service-account tokens, Vault tokens, ~/.npmrc, GitHub tokens, and SSH private keys. It then self-propagates by enumerating other npm packages the victim maintains via the registry and republishing them with the same injection. The stolen data is encrypted with AES-256-GCM and RSA-OAEP-SHA-256 (4096-bit), then published as public GitHub repositories under the victim's account.

  3. Anyone whose machine or CI runner installed an affected @tanstack/* version during the ~26-minute active window should assume their npm maintainer tokens and other credentials are compromised. TanStack recommends rotating AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials reachable from any install host, and pinning affected packages to versions published before the incident.

Discussion

No discussion yet for this article

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →