MAL-2026-3485 Malicious code in @tanstack/solid-start-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4905d7bb1a4d6f69ec73fe4cc8fa958262fcab1397fed5725ac39db447f6239a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@solidjs-email/dev-server (=2.0.0), @tanstack/solid-start (>=1.20.3-alpha.1 <=1.167.62) potentially affected by unknown CVE via @tanstack/solid-start-client (>=1.121.0-alpha.28 <=1.166.5)

@tanstack/solid-start-client NPM version =1.121.0-alpha.28, =1.20.3-alpha.1, =1.167.62 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3485...

@leeforge/fusion (=0.1.0), @nativescript/tanstack-router (>=0.0.1 <=0.1.2) +6 more potentially affected by unknown CVE via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)

@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.0.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =0.1.0, =1.0.15 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3481...

@tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) potentially affected by CVE-2026-45321 via @tanstack/solid-start-client (>=1.121.0-alpha.28 <=1.166.5)

@tanstack/solid-start-client NPM version =1.121.0-alpha.28, =1.121.0-alpha.28, =1.167.62 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTARTCLIENT-16640233...