One-command supply-chain attack scanner for CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx
Detects the "Mini Shai-Hulud" worm that compromised 42 @tanstack/* npm packages (84 malicious versions) on May 11, 2026.
```bash
# One line - scan your project
curl -fsSL https://raw.githubusercontent.com/Caixa-git/tanstack-shield/main/tanstack-shield.sh | bash

# Scan a specific directory
curl -fsSL https://raw.githubusercontent.com/Caixa-git/tanstack-shield/main/tanstack-shield.sh | bash -s -- /path/to/project

# Download and use directly
git clone https://github.com/Caixa-git/tanstack-shield.git
cd tanstack-shield
python3 tanstack-shield.py .
```

On May 11, 2026, an attacker chained three known vulnerability classes (pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning, and OIDC token memory extraction) to publish 84 malicious versions across 42 @tanstack/* packages under TanStack's trusted npm identity.
The malware harvested credentials (GitHub tokens, npm tokens, SSH keys, AWS/GCP/Kubernetes/Vault), exfiltrated them over Session messenger, and self-propagated to other packages the victim maintained.
The same campaign also hit Mistral AI (npm + PyPI), UiPath (65 packages), OpenSearch (1.3M weekly npm downloads), and 170+ total npm packages plus 2 PyPI packages.
- CVE: CVE-2026-45321
- Advisory: GHSA-g7cv-rxg3-hmpx
- Postmortem: tanstack.com/blog/npm-supply-chain-compromise-postmortem
- Attacker: TeamPCP ("Mini Shai-Hulud" worm)
- StepSecurity analysis: stepsecurity.io/blog/mini-shai-hulud
Read-only scanner that checks your project for:

| What | Files | Result |
|---|---|---|
| npm lockfile | `package-lock.json`, `npm-shrinkwrap.json` | 🔴 Exact malicious version match |
| pnpm lockfile | `pnpm-lock.yaml` | 🔴 Exact malicious version match |
| yarn lockfile | `yarn.lock` | 🔴 Exact malicious version match |
| manifest deps | `package.json` (root + workspaces) | 🟡 Package presence warning |
| malware fingerprint | `@tanstack/setup` in `optionalDependencies` | 🔴 Confirmed malware |
| suspicious git deps | `github:tanstack/router#<commit>` | 🔴 Confirmed malware |
| lifecycle scripts | `prepare` with `bun` + `router_init` | 🔴 Confirmed malware |
| node_modules | `node_modules/@tanstack/*` (fallback) | 🔴 Exact version match |
Note: Lockfiles are only scanned at the project root. If you're using a monorepo with lockfiles in subdirectories (e.g. packages/web/package-lock.json), run the scanner inside each workspace, or from the monorepo root where the top-level lockfile lives.
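As an added illustration (not the project's own code), the following Python shows how the three package.json fingerprints from the table above, plus the `@tanstack/*` presence warning, can be checked and collapsed to the scanner's CRITICAL / WARNING / SAFE outcome. The sample manifests, file paths and the all-zero commit hash are constructed placeholders, not real indicators.

```python
import json

# Manifest fingerprints the README lists for the Mini Shai-Hulud worm:
# @tanstack/setup in optionalDependencies, a git dependency pinned to
# github:tanstack/router#<commit>, and a "prepare" script running bun + router_init.
SETUP_PKG = "@tanstack/setup"
GIT_DEP_PREFIX = "github:tanstack/router#"
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")


def scan_manifest(manifest: dict) -> list:
    """Return (severity, detail) tuples for one parsed package.json object."""
    findings = []
    if SETUP_PKG in (manifest.get("optionalDependencies") or {}):
        findings.append(("CRITICAL", f"{SETUP_PKG} in optionalDependencies"))
    for field in DEP_FIELDS:
        for name, spec in (manifest.get(field) or {}).items():
            if isinstance(spec, str) and spec.lower().startswith(GIT_DEP_PREFIX):
                findings.append(("CRITICAL", f"{field}.{name} -> {spec}"))
    prepare = (manifest.get("scripts") or {}).get("prepare", "")
    if "bun" in prepare and "router_init" in prepare:
        findings.append(("CRITICAL", f"prepare script: {prepare}"))
    # Presence alone is only a warning: the lockfile decides whether a
    # malicious version was actually resolved.
    if not findings and any(
        n.startswith("@tanstack/") for f in DEP_FIELDS for n in (manifest.get(f) or {})
    ):
        findings.append(("WARNING", "@tanstack/* present; check lockfile versions"))
    return findings


def verdict(findings: list) -> str:
    """Collapse findings to the README's CRITICAL / WARNING / SAFE outcome."""
    levels = {sev for sev, _ in findings}
    return "CRITICAL" if "CRITICAL" in levels else "WARNING" if "WARNING" in levels else "SAFE"


# Constructed sample manifests (not real package data; the commit hash is a placeholder).
TAMPERED = json.loads("""{
  "name": "victim-app",
  "dependencies": {"@tanstack/react-router": "^1.0.0"},
  "optionalDependencies": {"@tanstack/setup": "github:tanstack/router#0000000000000000000000000000000000000000"},
  "scripts": {"prepare": "bun ./node_modules/@tanstack/setup/router_init.js"}
}""")
CLEAN = {"name": "ok-app", "dependencies": {"@tanstack/react-query": "^5.0.0"}, "scripts": {"prepare": "husky"}}

if __name__ == "__main__":
    for m in (TAMPERED, CLEAN):
        print(m["name"], verdict(scan_manifest(m)), scan_manifest(m))
```

A real scan must still compare resolved lockfile versions against the advisory's list; the manifest checks only catch the worm's injected fingerprints.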
- 🔴 CRITICAL: Malware detected. Follow the remediation guide (printed automatically).
- 🟡 WARNING: `@tanstack/*` found in package.json. Check your lockfile.
- 🟢 SAFE: No known malicious packages detected.
If the result is CRITICAL:

- Your files and system are not damaged
- But credentials accessible from that machine may have been stolen
- Rotate GitHub tokens, npm tokens, SSH keys, and cloud credentials immediately
```bash
# Machine-readable JSON output
curl -fsSL https://raw.githubusercontent.com/Caixa-git/tanstack-shield/main/tanstack-shield.sh | bash -s -- --json
```

This tool is read-only. It never creates, modifies, or deletes files on your system.
- Python 3.8+
- curl (for one-liner mode)
MIT