A Single PR Just Hijacked the NPM Registry...
Why It Matters
The incident shows that CI workflow misconfiguration can allow ephemeral token-based publishing protections to be bypassed, turning a single PR into a wide-ranging supply-chain compromise with ransomware-like destructive potential. Organizations and maintainers must harden CI triggers, adopt safer package managers and enforce stricter dependency and build policies to reduce systemic risk.
Summary
A sophisticated supply-chain attack compromised over 100 npm packages tied to TanStack and then spread to hundreds more within hours by exploiting GitHub Actions’ pull_request_target workflow and GitHub’s signed CI tokens. The attacker forked the repo, opened and closed a PR to execute the main repo’s workflow with elevated permissions, planted a poisoned file in the CI cache, then later used it to steal ephemeral npm publish tokens and push malicious releases that harvested credentials and propagated to other projects. The worm quickly infected packages from major maintainers (including Mistral AI, UiPath and others), forged commits to evade detection, persisted in developer environments and included a destructive “dead-man” payload that wipes systems if stolen tokens expire. Security researchers tracked hundreds of poisoned versions across dozens of packages, and mitigations like PNPM’s minimum release age, blocking exotic sub-dependencies and approved builds could have limited the impact.
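As an added example (not code from the incident or from any project named above), here is one way a maintainer could audit workflow files for the pattern the summary describes: a pull_request_target trigger combined with a checkout of the PR's head, a cache step, or a write-capable token. The sample workflow text, the finding names and the audit_workflow function are constructed for illustration, and the check is a line-level heuristic rather than a full YAML parse.

```python
import re

# Constructed sample workflow text (not from any real repository).
RISKY = """\
on:
  pull_request_target:
permissions:
  contents: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps
      - run: npm ci && npm test
"""
SAFE = RISKY.replace("pull_request_target", "pull_request")

HEAD_REF = re.compile(r"ref:\s*.*github\.(event\.pull_request\.head\.|head_ref)")
CACHE = re.compile(r"uses:\s*actions/cache(/save)?@|^\s*cache:\s*\S", re.M)
WRITE = re.compile(r"^\s*[\w-]+:\s*write\b|permissions:\s*write-all", re.M)

def audit_workflow(text):
    """Return sorted finding ids for one workflow file's text."""
    # Drop comment lines so a commented-out trigger is not counted.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    if not re.search(r"\bpull_request_target\b", body):
        return []  # plain pull_request runs from forks get a read-only token, no secrets
    findings = {"privileged-trigger"}
    if HEAD_REF.search(body):
        findings.add("checks-out-fork-code")   # PR-controlled files run in base context
    if CACHE.search(body):
        findings.add("writes-shared-cache")    # cache entries can outlive the PR run
    if WRITE.search(body) or "permissions:" not in body:
        findings.add("write-capable-token")    # explicit write, or repo default applies
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("risky.yml", RISKY), ("safe.yml", SAFE)):
        print(name, audit_workflow(text))
```

Run it over every file under .github/workflows in a repository; any workflow reporting more than privileged-trigger deserves a manual review before the next fork PR arrives.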