If you have heard of the Shai-Hulud exploit, you know how serious this is. Another supply chain attack has hit, and this one is rough. Once it lands, this malware targets Claude and VS Code to burrow in, so even if you remove it, it stays resident. This worm initially went after npm modules; it was later found to spread to Python modules on PyPI as well.
I made an open source scanner that detects traces of this worm so you can easily remove it from your system.
https://github.com/officiallymarky/tanstackscanner
What it checks
- Known IOC filenames: router_init.js, router_runtime.js, tanstack_runner.js, gh-token-monitor.sh, setup.mjs
- Known malicious SHA-256 hash: ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
- Suspicious dependency strings in manifests and lockfiles: @tanstack/setup, github:tanstack/router, 79ac49eedf774dd4b0cfa308722bc463cfe5885c
- User-level persistence artifacts for gh-token-monitor
- Running processes matching known IOC names
This attack was initially discovered in this GitHub comment.
https://github.com/TanStack/router/issues/7383#issuecomment-4425225340
These attacks are becoming more and more common with AI being available to everyone and the flood of vibe-coded apps. While there is no way to fully protect against these attacks, you can minimize them by using tools like safe-npm to only install packages that are at least 90 days old. This typically gives enough time for compromised packages to be discovered, but it isn't 100% foolproof.
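As an added illustration of the checks listed above (this is example code, not the code from the linked tanstackscanner repository), here is a small Python scanner that walks a directory tree for the IOC filenames, hashes each file against the known SHA-256, greps manifests and lockfiles for the suspicious dependency strings, and looks for the gh-token-monitor marker in user-level startup files. The IOC values are the ones from the post; the manifest names, the persistence locations, the size cap and the function names are this example's own assumptions, and the running-process check is left out. The `demo()` function builds a constructed sample tree in a temp directory so the scanner can be exercised without a real infection.

```python
"""Added example IOC scanner in the spirit of the post's checks. It is not the
code from the linked tanstackscanner repository. The IOC values (filenames,
SHA-256, dependency strings) are the ones the post lists; manifest names,
persistence locations and function names are this example's own assumptions."""
import hashlib
import os
import tempfile
from pathlib import Path

# IOC filenames from the post
IOC_FILENAMES = {"router_init.js", "router_runtime.js", "tanstack_runner.js",
                 "gh-token-monitor.sh", "setup.mjs"}
# Known malicious SHA-256 from the post
IOC_SHA256 = {"ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c"}
# Suspicious dependency strings from the post
IOC_DEP_STRINGS = ("@tanstack/setup", "github:tanstack/router",
                   "79ac49eedf774dd4b0cfa308722bc463cfe5885c")
# Manifest/lockfile names to grep (assumption: the usual npm and Python names)
MANIFEST_NAMES = {"package.json", "package-lock.json", "yarn.lock", "pnpm-lock.yaml",
                  "requirements.txt", "pyproject.toml", "Pipfile.lock", "poetry.lock"}
# User-level places a persistence hook usually lands (assumption, not from the post)
PERSISTENCE_FILES = (".bashrc", ".zshrc", ".profile", ".bash_profile", ".zprofile")
PERSISTENCE_DIRS = (".config/autostart", "Library/LaunchAgents")
PERSISTENCE_MARKER = "gh-token-monitor"
MAX_HASH_BYTES = 8 * 1024 * 1024  # don't hash huge files; the IOC is a small script


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root) -> list:
    """Walk root; return one finding dict per IOC filename, hash or dependency hit."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip noisy .git trees
        for name in filenames:
            path = Path(dirpath) / name
            if name in IOC_FILENAMES:
                findings.append({"type": "ioc_filename", "path": str(path)})
            try:
                if path.stat().st_size <= MAX_HASH_BYTES and sha256_of(path) in IOC_SHA256:
                    findings.append({"type": "ioc_hash", "path": str(path)})
                if name in MANIFEST_NAMES:
                    text = path.read_text(errors="replace")
                    for needle in IOC_DEP_STRINGS:
                        if needle in text:
                            findings.append({"type": "ioc_dependency",
                                             "path": str(path), "match": needle})
            except OSError:
                continue  # unreadable file: skip it, don't abort the scan
    return findings


def scan_persistence(home) -> list:
    """Look for the gh-token-monitor marker in user-level startup files."""
    home = Path(home)
    candidates = [home / f for f in PERSISTENCE_FILES]
    for d in PERSISTENCE_DIRS:
        if (home / d).is_dir():
            candidates.extend(p for p in (home / d).iterdir() if p.is_file())
    hits = []
    for p in candidates:
        try:
            if p.is_file() and PERSISTENCE_MARKER in p.read_text(errors="replace"):
                hits.append({"type": "persistence", "path": str(p)})
        except OSError:
            continue
    return hits


def demo() -> list:
    """Build a constructed sample tree (not a real infection) and scan it."""
    root = Path(tempfile.mkdtemp())
    proj, home = root / "proj", root / "home"
    (proj / "node_modules").mkdir(parents=True)
    (home / ".config" / "autostart").mkdir(parents=True)
    (proj / "node_modules" / "router_init.js").write_text("// constructed sample\n")
    (proj / "package.json").write_text('{"dependencies": {"x": "github:tanstack/router"}}\n')
    (proj / "index.js").write_text("console.log('clean')\n")  # must not be flagged
    (home / ".bashrc").write_text("~/.local/bin/gh-token-monitor.sh &\n")
    return scan_tree(proj) + scan_persistence(home)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real machine you would call `scan_tree` on your project directories and `scan_persistence` on your home directory; a filename hit on its own only tells you a file with that name exists, so check the hash and the manifest matches before deciding what to remove.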
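To show what the minimum-age policy mentioned above actually does, here is an added example (not safe-npm's code) that picks the newest version of a package whose publish time is at least N days in the past. It assumes the npm registry packument's `time` field, a map of version to ISO-8601 publish timestamp plus "created" and "modified" keys; the package data and the fixed "today" below are constructed so the example is deterministic.

```python
"""Added example of the minimum-age install policy the post recommends: choose
the newest version of a package published at least N days ago. Not safe-npm's
code. Assumes the npm registry packument `time` field (version -> ISO-8601
timestamp, plus "created"/"modified"); the sample data is constructed."""
from datetime import datetime, timedelta, timezone

# Constructed packument `time` field for a hypothetical package "example-pkg"
SAMPLE_TIME = {
    "created": "2024-01-10T12:00:00.000Z",
    "modified": "2025-12-01T09:30:00.000Z",
    "1.0.0": "2024-01-10T12:00:00.000Z",
    "1.1.0": "2025-06-15T08:00:00.000Z",
    "1.2.0": "2025-11-28T10:00:00.000Z",   # fresh: inside the quarantine window
    "2.0.0": "2025-12-01T09:30:00.000Z",   # fresh: inside the quarantine window
}

# Fixed "today" so the example gives the same answer every run
NOW = datetime(2025, 12, 5, tzinfo=timezone.utc)


def parse_version(v: str):
    """Sort key for plain x.y.z versions; a prerelease tag sorts below the release."""
    core, _, pre = v.partition("-")
    nums = tuple(int(x) for x in core.split("."))
    return nums, pre == ""


def choose_aged_version(time_field: dict, now: datetime, min_age_days: int = 90):
    """Return the highest version published at least min_age_days before now,
    or None if every version is still inside the window."""
    cutoff = now - timedelta(days=min_age_days)
    eligible = []
    for version, published in time_field.items():
        if version in ("created", "modified"):
            continue
        ts = datetime.fromisoformat(published.replace("Z", "+00:00"))
        if ts <= cutoff:
            eligible.append(version)
    if not eligible:
        return None
    return max(eligible, key=parse_version)


def demo(min_age_days: int = 90):
    """Apply the policy to the constructed packument at the fixed NOW."""
    return choose_aged_version(SAMPLE_TIME, NOW, min_age_days)


if __name__ == "__main__":
    print(demo())   # newest version at least 90 days old
```

With the 90-day window, the two versions pushed in the last week are skipped and 1.1.0 is installed instead; a compromised release that is discovered within the window never reaches the install step, which is exactly the margin the post describes.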