MAL-2026-3483 Malicious code in @tanstack/solid-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8693692b7ab31b63eb7411750d5b8798beec7ab29dddc1adea60186d354f4ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97a7cf294a17c17e22c7eead7d3de9f693c5488aecba96129d5b79b52f430de This version falls within the @tanstack/ package family compromised on 2026-05-11. The campaign published 42 packages × 2 versions each with the...

@leeforge/fusion (=0.1.0), @nativescript/tanstack-router (>=0.0.1 <=0.1.2) +6 more potentially affected by unknown CVE via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)

@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.0.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =0.1.0, =1.0.15 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3481...

Malicious code in @tanstack/solid-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79e1b5cf7bf19cbf81420be17e5aad851d9f2e2943848f3a4b295e2ed7a8ed2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3481 Malicious code in @tanstack/solid-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79e1b5cf7bf19cbf81420be17e5aad851d9f2e2943848f3a4b295e2ed7a8ed2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@leeforge/fusion (=0.1.0), @nativescript/tanstack-router (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-45321 via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)

@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.0.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =0.1.0, =1.0.15 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDROUTER-16640230...

@alivault/pico (>=0.1.0 <=0.1.2), @argus-vrt/web (=0.1.0) +29 more potentially affected by CVE-2026-45321 via @tanstack/router-ssr-query-core (>=1.121.0-alpha.28 <=1.168.0)

@tanstack/router-ssr-query-core NPM version =1.121.0-alpha.28, =0.1.0, =0.0.4, =1.0.0, =0.1.0, =1.121.0-alpha.28, =1.133.19, =1.140.0, =0.2.4, =0.0.1, =0.1.0-alpha.1, =0.1.0-alpha.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERSSRQUERYCORE-16640223...