MAL-2026-3475 Malicious code in @tanstack/router-devtools-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@env-hopper/frontend-build-vite (=2.0.1-alpha.0), @ibootz/claude-code-viewer (>=0.7.5 <=0.8.2) +11 more potentially affected by CVE-2026-45321 via @tanstack/router-devtools-core (>=1.120.19 <=1.167.3)

@tanstack/router-devtools-core NPM version =1.120.19, =0.7.5, =0.4.2, =0.0.1, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.140.0, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERDEVTOOLSCORE-16640219...

4help-app-shared (>=1.0.21 <=1.0.26), 4help-shared (>=1.0.2 <=1.0.20) +3205 more potentially affected by CVE-2023-5654 via react-devtools-core (>=1.0.6 <=4.28.0)

react-devtools-core NPM version =1.0.6, =1.0.21, =1.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.22, =0.0.12, =1.2.0, =1.0.4, =0.0.1, =0.0.6 and more Source cves: CVE-2023-5654 Source advisory: OSV:GHSA-RXRC-RGV4-JPVX...