MAL-2026-3441 Malicious code in @squawk/fix-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 624b956af551986dc49e0004c6e0c804f3b48f57216b63bb5784c9c236e866da The package @squawk/fix-data was found to contain malicious code. Source: ghsa-malware b47010b41e9098203e9d382c36292a5bfa3c32741fbc916a9a9935f9975fc8...

Malicious code in cross-stitch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfe06155444d60d3774a256051b31f6a4814f484f33830cbe61eec7ebe611be6 The package cross-stitch was found to contain malicious code. Source: ghsa-malware 7c23bb77e762be76915e8202d11074aaa122efe0a8a32e403fa00ee8563c9bbe A...

MAL-2026-3486 Malicious code in @tanstack/solid-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9f623ce85c893266087d3eeb9812938d0f3eea0ddb33cd735589c104dafb8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9f623ce85c893266087d3eeb9812938d0f3eea0ddb33cd735589c104dafb8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3484 Malicious code in @tanstack/solid-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1309e41e89af050fba691af97aead540f282665981835c46aeb4abc3180f0c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1309e41e89af050fba691af97aead540f282665981835c46aeb4abc3180f0c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-client-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5561f0a3c6cc70a2aee56f25476fadbba6cc833f55c0dde246737b99f38c9e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3487 Malicious code in @tanstack/start-client-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5561f0a3c6cc70a2aee56f25476fadbba6cc833f55c0dde246737b99f38c9e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-fn-stubs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e25d3624c39cfe3dae76a5630525e72d3f0fe2f8eb1bbb44a0ff17c3a39d4fe2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3489 Malicious code in @tanstack/start-plugin-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-plugin-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-server-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7db0631bb410a51551790c0b55b574d53aea5d7a677439e6f3cf877503317658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3490 Malicious code in @tanstack/start-server-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7db0631bb410a51551790c0b55b574d53aea5d7a677439e6f3cf877503317658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3491 Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-storage-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...

MAL-2026-3492 Malicious code in @tanstack/start-storage-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...

MAL-2026-3493 Malicious code in @tanstack/valibot-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25062244509cace2232407aaa71ca13d0ca2cf2c113e8e1dd19280694a3475cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/valibot-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25062244509cace2232407aaa71ca13d0ca2cf2c113e8e1dd19280694a3475cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3494 Malicious code in @tanstack/virtual-file-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/virtual-file-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...