Tanstack Compromise Checker

Forensics & Incident Response

Detects and scans for the TanStack npm supply‑chain attack across developer machines, repositories, or CI runners

Shell · Latest v1.2.0 · 16d ago

Features

  • Checks for dead‑man's switch daemons on macOS/Linux (LaunchAgents, systemd units)
  • Scans shell rc files, crontabs and XDG autostart for persistence mechanisms
  • Looks for leaked credentials in env vars, npm/yarn config, AWS/GCP/Azure configs, Docker/Kubernetes files
  • Identifies malicious `@tanstack/*` packages via version lists or online GHSA advisory queries
  • Provides JSON output and suggested pin commands for CI integration

Recent releases

View all 6 releases →
No immediate action
v1.2.0 Security relevant

Security fix GHSA-g7cv-rxg3-hmpx

No immediate action
v1.1.2 Security relevant

GHSA‑g7cv‑rxv3‑hmpx fix

No immediate action
v1 Security relevant

GHSA‑g7cv‑rxg3‑hmpx

No immediate action
v1.1.1 Security relevant

Security fix GHSA-g7cv-rxg3-hmpx

No immediate action
v1.1.0 Security relevant

GHSA‑g7cv‑rxg3‑hmpx fix

About

Stars: 1
Forks: 0
Languages: Shell, Dockerfile

Install & Platforms

Install via: shell-script, docker
Platforms: linux, macos, windows, arm64
