Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables

Socket Research Team detected an active supply-chain attack via a brand‑squatted unscoped tanstack package on npm whose postinstall scripts in versions 2.0.4–2.0.7 silently collect and exfiltrate environment files (.env, .env.local, .env.production) to an attacker-controlled Svix ingest endpoint. The campaign is tied to npm author sh20raj and Svix source src_3387PLMB2uhXOBe3Q8sHu; Socket recommends uninstalling affected versions, rotating secrets, and blocking the unscoped tanstack package in registries.

Keypoints

  • Socket detected a deliberate supply-chain attack that published malicious versions of an unscoped npm package named tanstack that impersonates the official @tanstack/* scope.
  • Versions 2.0.4 through 2.0.7 (published within a 27‑minute window) are confirmed malicious and share the same exfiltration infrastructure, indicating a planned campaign.
  • Malicious postinstall scripts collect dotenv files (.env, .env.local, .env.production, and .env.* variants in v2.0.6) and exfiltrate them via a Svix ingest URL tied to source ID src_3387PLMB2uhXOBe3Q8sHu.
  • Different versions vary in behavior: 2.0.4 and 2.0.7 target .env/.env.local (with obfuscation/commented logs), 2.0.5 also exfiltrates README.md and AGENTS.md, and 2.0.6 aggressively globs all .env.* files and runs fully silently.
  • The unscoped tanstack package is not affiliated with the legitimate TanStack project; TanStack confirmed brandjacking and ongoing trademark/legal actions against the maintainer.
  • Socket’s AI detection flagged the postinstall exfiltration; recommended mitigations include uninstalling affected versions, rotating all secrets present at install time, auditing dependency files for the unscoped tanstack, and blocking the package in registry policies.
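
A defender-side audit for the mitigations listed above, written as an added example rather than code from Socket or the TanStack project: it checks a parsed package-lock.json for the unscoped tanstack package at the confirmed-malicious versions and flags install-time lifecycle scripts that reference dotenv files or the Svix ingest host. The lockfile, manifest and script text at the bottom are constructed samples, and the Svix source ID in them is a placeholder.

```javascript
// Confirmed-malicious versions from the write-up. Scoped "@tanstack/*" packages are legitimate.
const MALICIOUS_VERSIONS = new Set(["2.0.4", "2.0.5", "2.0.6", "2.0.7"]);
// Quoted dotenv file names such as ".env", '.env.local' or the ".env.*" glob used by 2.0.6.
// Requiring a quote avoids matching the harmless "process.env" in ordinary scripts.
const DOTENV_REF = /["'`]\.env(?:\.[\w*-]+)?["'`]/;
const SVIX_INGEST = /api\.svix\.com\/ingest\//i;

// Lockfile v2/v3 "packages" keys look like "node_modules/tanstack" or
// "node_modules/foo/node_modules/tanstack"; the last segment is the package name.
function auditLockfile(lock) {
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = key.split("node_modules/").pop();
    if (name !== "tanstack") continue; // "@tanstack/react-query" etc. never match
    const version = (meta && meta.version) || "unknown";
    findings.push({ path: key, version, malicious: MALICIOUS_VERSIONS.has(version) });
  }
  return findings;
}

// `manifest` is a parsed package.json; `scriptSources` maps lifecycle script files
// (for example "postinstall.js") to their text, read by the caller so this stays pure.
function auditManifest(manifest, scriptSources = {}) {
  const reasons = [];
  const extra = Object.values(scriptSources).join("\n");
  for (const hook of ["preinstall", "install", "postinstall"]) {
    const cmd = (manifest.scripts || {})[hook];
    if (!cmd) continue;
    const body = `${cmd}\n${extra}`;
    if (DOTENV_REF.test(body)) reasons.push(`${hook} references dotenv files`);
    if (SVIX_INGEST.test(body)) reasons.push(`${hook} contacts the Svix ingest endpoint`);
  }
  return { name: manifest.name, version: manifest.version, reasons, suspicious: reasons.length > 0 };
}

// Constructed sample input, not real package contents: a lockfile that pulls in the
// legitimate scoped package and a transitive copy of the squatted one.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/@tanstack/react-query": { version: "5.0.0" },
    "node_modules/some-dep/node_modules/tanstack": { version: "2.0.6" },
  },
};
const SAMPLE_MANIFEST = { name: "tanstack", version: "2.0.6", scripts: { postinstall: "node postinstall.js" } };
// Constructed script text; the Svix source ID is a placeholder, not the real indicator.
const SAMPLE_SCRIPT = '// reads ".env.*" and posts to https://api.svix.com/ingest/api/v1/source/src_PLACEHOLDER/';

console.log(auditLockfile(SAMPLE_LOCK), auditManifest(SAMPLE_MANIFEST, { "postinstall.js": SAMPLE_SCRIPT }));
```

Run it against a real project by parsing package-lock.json and each installed package.json plus the script files its lifecycle hooks invoke; a scoped @tanstack/* dependency is never reported.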

MITRE Techniques

  • [T1195] Supply Chain Compromise – Attackers published malicious package versions to npm to compromise downstream users: ‘active supply-chain attack targeting the unscoped tanstack package on npm’
  • [T1195.003] Compromise Software Dependencies and Development Tools – Malicious code executed during package installation via npm lifecycle scripts to compromise developers: ‘postinstall behavior designed to exfiltrate environment files’
  • [T1036] Masquerading – Brand‑squatting an unscoped package to impersonate the legitimate @tanstack/* projects and deceive developers: ‘brand-squatted impersonation of the legitimate @tanstack/* organization’
  • [T1005] Data from Local System – The postinstall script collected local environment files such as .env, .env.local, and .env.production: ‘silently steal environment variable files, including .env, .env.local, and .env.production’
  • [T1567] Exfiltration Over Web Service – Stolen files were POSTed to a Svix ingest endpoint over HTTPS acting as a dead‑drop: ‘the malicious postinstall script POSTs stolen .env contents to that URL’

Indicators of Compromise

  • [Packages] Malicious npm package versions published to npm – npm/tanstack@2.0.4, npm/tanstack@2.0.7 (and 2.0.5, 2.0.6)
  • [Author] Package maintainer account associated with malicious publishes – sh20raj
  • [Network] Exfiltration endpoint and source identifier – hxxps://api[.]svix[.]com/ingest/api/v1/source/src_3387PLMB2uhXOBe3Q8sHu/, Svix Source ID src_3387PLMB2uhXOBe3Q8sHu
  • [Files] Targeted local files collected at install time – .env, .env.local, .env.production (and other .env.* variants)
  • [Scripts] Malicious lifecycle/script artifacts – postinstall.js (obfuscated function name sendReadme()), secondary postinstall.js exfiltrating README.md
  • [Dependent Package] Observed downstream dependency referencing the malicious package – npm/[email protected]


Read more: https://socket.dev/blog/tanstack-brandsquat-compromise