MAL-2026-3465 Malicious code in @tanstack/react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b329cb477cc0d977f9e8e6df59072ea002d6d041b99531596fbd87b8ff80aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b329cb477cc0d977f9e8e6df59072ea002d6d041b99531596fbd87b8ff80aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3466 Malicious code in @tanstack/react-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2583e447a99e68ab9e3a7562a7a9693e1c09de387a824f47a07f325e3b5b4d39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

birdclaw (>=0.1.0 <=0.6.0), livemark (>=0.0.0-dev <=0.23.0) potentially affected by CVE-2026-45321 via @tanstack/react-router-ssr-query (>=1.166.10 <=1.166.12)

@tanstack/react-router-ssr-query NPM version =1.166.10, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTERSSRQUERY-16640207...

@env-hopper/frontend-build-vite (=2.0.1-alpha.0), @graphprotocol/hypergraph-cli (>=0.0.0-alpha.7 <=0.0.0-alpha.22) +9 more potentially affected by CVE-2026-45321 via @tanstack/react-router-devtools (>=1.120.20 <=1.166.13)

@tanstack/react-router-devtools NPM version =1.120.20, =0.0.0-alpha.7, =0.7.5, =0.4.2, =0.0.1, =1.121.0-alpha.28, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTERDEVTOOLS-16640206...

@antidrawapp/runtime (>=0.1.0 <=0.1.1), @baseplate-dev/create-project (>=0.6.2 <=0.6.9) +92 more potentially affected by CVE-2026-45321 via @tanstack/react-router (>=1.0.0 <=1.169.2)

@tanstack/react-router NPM version =1.0.0, =0.1.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =0.1.1, =0.1.0-fork.2e294b1, =0.1.0-fork.2e294b1, =0.1.1, =1.0.9, =1.4.1 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTER-16640208...

@tanstack/react-router-ssr-query (>=1.121.0-alpha.28 <=1.166.12), @tanstack/solid-router-ssr-query (>=1.133.19 <=2.0.0-beta.20) +3 more potentially affected by CVE-2026-45321 via @tanstack/router-ssr-query-core (>=1.121.0-alpha.28 <=1.168.0)

@tanstack/router-ssr-query-core NPM version =1.121.0-alpha.28, =1.121.0-alpha.28, =1.133.19, =1.140.0, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERSSRQUERYCORE-16640223...