Malicious code in @tanstack/router-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a01dce92fa9c8e2cf4d6107c13ae7ebadbf664d1b135b7075f050c32446b26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3476 Malicious code in @tanstack/router-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a01dce92fa9c8e2cf4d6107c13ae7ebadbf664d1b135b7075f050c32446b26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@tanstack/vue-start (>=1.141.0 <=1.167.58) potentially affected by unknown CVE via @tanstack/vue-start-server (>=1.141.0 <=1.166.5)

@tanstack/vue-start-server NPM version =1.141.0, =1.141.0, =1.167.58 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3500...

Malicious code in @tanstack/vue-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a2e72fba4613219c26e8bfb79da1c3db3666a9e7dc945f1b064e95aa04a5ac5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@genesisailab/admin-package (=0.0.1), @genesisailab/create-admin-package (>=0.0.1 <=0.0.5) +30 more potentially affected by unknown CVE via @tanstack/router-devtools (>=1.105.0 <=1.166.13)

@tanstack/router-devtools NPM version =1.105.0, =0.0.1, =1.0.0, =3.5.5, =1.0.0, =0.0.0, =0.19.0, =0.22.13, =1.0.8, =0.0.0-alpha.3, =3.2.0, =3.5.2, =3.5.7 - app-start-pw =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3474...

Malicious code in @tanstack/router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3474 Malicious code in @tanstack/router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3498 Malicious code in @tanstack/vue-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a01585c5903bfc477b8856810c151bd5dd0cdc04afe7c51b5710eae9b1fc366 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/vue-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a01585c5903bfc477b8856810c151bd5dd0cdc04afe7c51b5710eae9b1fc366 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@use-pico/client (>=4.0.45 <=4.1.52), @use-pico/common (>=4.0.20 <=4.1.52) +1 more potentially affected by unknown CVE via @tanstack/zod-adapter (>=1.112.13 <=1.129.2)

@tanstack/zod-adapter NPM version =1.112.13, =4.0.45, =4.0.20, =4.0.16, =4.1.52 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3501...

Malicious code in @tanstack/zod-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b6bc07c0e2b0175dd6e6bd29157ea6967bb2bcb66f643f9dafd89ab77a9f6fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3501 Malicious code in @tanstack/zod-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b6bc07c0e2b0175dd6e6bd29157ea6967bb2bcb66f643f9dafd89ab77a9f6fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +106 more potentially affected by unknown CVE via @tanstack/router-devtools-core (>=1.120.19 <=1.167.3)

@tanstack/router-devtools-core NPM version =1.120.19, =0.0.1, =0.0.1, =0.0.1-alpha.14, =0.1.0, =0.0.4, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.1.0, =2.0.1-alpha-20260224145405, =2.0.1-alpha.6 - @ezshare/cli =0.0.0 - @ezshare/lib =0.0.0 - @ezshare/web =0.0.0 and more Source cves: unknown CVE Source...

MAL-2026-3475 Malicious code in @tanstack/router-devtools-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +506 more potentially affected by unknown CVE via @tanstack/router-core (>=1.108.0 <=1.169.2)

@tanstack/router-core NPM version =1.108.0, =0.0.1, =0.0.1, =1.0.1, =1.87.15, =0.1.0, =0.2.0, =1.0.0, =0.0.1-alpha.14, =0.1.0, =0.0.2-canary.11, =0.1.0, =1.0.0, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3473...

MAL-2026-3473 Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3472 Malicious code in @tanstack/router-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a4625c6f00a64d5f9c4d9fe41182c90a5d06c2a6cf72046d9a1e76d65295444 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@stacker-oss/cli (>=0.1.0 <=0.1.2), @sykoramaros/marosh-components (>=0.0.6 <=0.1.17) +2 more potentially affected by unknown CVE via @tanstack/router-cli (=1.166.43)

@tanstack/router-cli NPM version =1.166.43 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/router-cli and may be impacted: - @stacker-oss/cli =0.1.0, =0.0.6, =0.0.4, =0.0.2, =0.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3472...

@alivault/pico (>=0.1.0 <=0.1.2), @argus-vrt/web (=0.1.0) +74 more potentially affected by unknown CVE via @tanstack/react-start (>=1.167.2 <=1.167.65)

@tanstack/react-start NPM version =1.167.2, =0.1.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =1.0.0, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3468...

Malicious code in @tanstack/react-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 006982dd9591684fdcea74c0b70c7600a22bfc969bac6b9fb64f728e7ab34d80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...