Frontend DogmaThe Modern React Stack Explained for 2026, by @jsdevspace:
https://jsdev.space/react-stack-2026/?ref=frontenddogma.com
#react #techstacks #comparisons #nextjs #tanstack #remix #vite #tooling
Postmortem: TanStack npm Supply-Chain Compromise, by @tannerlinsley.com (@tanstack.com):
https://tanstack.com/blog/npm-supply-chain-compromise-postmortem?ref=frontenddogma.com
Postmortem: TanStack npm supply-chain compromise | TanStack Blog
On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the forkβbase trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm. Full postmortem.
Inautilo#Development #Approaches
The best loading states are none at all Β· Making the case for route transitions https://ilo.im/16dcdk
_____
#Preloading #Loading #Routing #Spinners #Skeletons #SPAs #TanStack #WebPerf #WebDev #Frontend
Nils Hartmannπ Was haben Tierbetreuung, #React und #TanStack Start gemeinsam? π€
Werden wir im Juni gemeinsam herausfinden π΅οΈββοΈ:
- Karlsruher Entwicklertag: https://nilshartmann.net/t/getting-started-fullstack-anwendungen-mit-react-und-tan-stack-karlsruher-entwicklertag
- #EnterJS: https://nilshartmann.net/t/getting-started-fullstack-anwendungen-mit-react-und-tan-stack-enter-js
Kommt vorbei! π
CyberNetsecIOπ° TeamPCP Threat Actor Breaches TanStack in 'Mini Shai-Hulud' Supply Chain Campaign
πΈ Financially motivated group TeamPCP compromises popular TanStack library in 'Mini Shai-Hulud' supply chain campaign. The attack on npm/PyPI ecosystems uses malicious packages to steal developer credentials. #SupplyChain #TeamPCP #TanStack #npm
π cyber[.]netsecops[.]io
The New Oil
InfoQπ¨ 42 npm packages - 84 malicious versions - Pushed in just 6 minutes π¨
#TanStack just dropped a detailed postmortem on a sophisticated #SupplyChain attack exposing developers and CI/CD pipelines to credential theft and malware propagation.
π Read more: https://bit.ly/4utUl7s
Hardening TanStack After the npm Compromise, by @crutchcorn and @jherr.dev and others (@tanstack.com):
https://tanstack.com/blog/incident-followup?ref=frontenddogma.com
Analyst207Grafana Breach Exposed by TanStack Supply Chain Attack
Grafana Labs revealed that a supply chain attack led to an unauthorized download of its codebase, exposing a vulnerability that allowed attackers to gain access to its GitHub repositories through a missed workflow token. The breach was detected on May 11, with the company swiftly rotating tokens, but unfortunately, one was overlooked.
GNUTUXMini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & 169 Packages
A large-scale supply chain attack targeted npm and PyPI packages from major projects like TanStack, Mistral AI, UiPath, and OpenSearch, exploiting GitHub Actions vulnerabilities to steal credentials and publish malici...
π https://salehgnutux.github.io/GT-NEWSTECH/en/ai/mini-shai-hulud-supply-chain-attack/
#Mini_Shai-Hulud #Cybersecurity #Supply_Chain #npm #PyPI #TanStack #Mistral_AI #GitHub_Actions
