Published 18d
Forensics & Incident Response
✓ No known CVEs patched in this version
Topics
bash-script
compromise-detection
cve-2026-45321
dependency-scanner
security
docker
ghsa
incident-response
ioc-detection
malware-detection
npm-security
security-audit
security-scanner
security-tools
shai-hulud
supply-chain-attack
supply-chain-security
tanstack
zero-day
Summary
AI summary: Adds a security tool to detect Tanstack compromise vulnerabilities.
Full changelog
tanstack-compromise-checker v1.0.0
Verify before running — this is a security tool, treat it like one.
One-liner (bash, with checksum verification)
TAG=v1.0.0
curl -fsSLO https://github.com/fabriziosalmi/tanstack-compromise-checker/releases/download/$TAG/check.sh
curl -fsSLO https://github.com/fabriziosalmi/tanstack-compromise-checker/releases/download/$TAG/check.sh.sha256
sha256sum -c check.sh.sha256 && bash check.sh
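The one-liner above fetches check.sh.sha256 from the same release as check.sh, so it catches a corrupted download but not a replaced release asset. The following is an added example, not part of the project: it goes one step further and checks the script against a digest you recorded yourself after reviewing it. The function names are hypothetical and the pinned digest is assumed to come from your own records.

```shell
#!/usr/bin/env bash
# Added example (not the project's code): run a downloaded script only if it
# matches a SHA-256 digest pinned out-of-band.

# Portable SHA-256 of a file: GNU coreutils (sha256sum) or macOS/BSD (shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | awk '{print $1}'
  else
    shasum -a 256 < "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE EXPECTED_HEX -> returns 0 on match, 1 otherwise.
verify_pinned() {
  local file=$1 expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # Reject anything that is not exactly 64 hex characters, e.g. an HTML error
  # page saved where the digest should have been.
  case $expected in
    ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 1; }
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  actual=$(sha256_of "$file") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
  fi
}

# run_if_verified FILE EXPECTED_HEX [ARGS...]: execute only after a match.
run_if_verified() {
  local file=$1 expected=$2
  shift 2
  verify_pinned "$file" "$expected" || return 1
  bash "$file" "$@"
}
```

Usage: run_if_verified check.sh "$PINNED_SHA256", where PINNED_SHA256 is the value you stored when you reviewed that exact file.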
Docker (works on macOS, Linux, Windows)
docker run --rm -v "$PWD":/scan ghcr.io/fabriziosalmi/tanstack-compromise-checker:1.0.0 /scan true fail tanstack-findings.json '' GHSA-g7cv-rxg3-hmpx
GitHub Action
- uses: fabriziosalmi/[email protected]
  with:
    scan-dir: .
    online: 'true'
Image provenance is signed; verify with:
gh attestation verify oci://ghcr.io/fabriziosalmi/tanstack-compromise-checker:1.0.0 --repo fabriziosalmi/tanstack-compromise-checker
Full Changelog: https://github.com/fabriziosalmi/tanstack-compromise-checker/commits/v1.0.0