TanStack npm Supply-Chain Attack: Full Postmortem

DEV Community·Michael Smith·21 days ago
Tags: #discuss #news #tech #tanstack #security #package

Meta Description: A deep-dive postmortem of the TanStack npm supply-chain compromise — what happened, how it was discovered, and what developers must do to protect their projects now.

TL;DR: The TanStack npm supply-chain compromise was a significant security incident affecting one of the most widely-used JavaScript library ecosystems. Attackers targeted the TanStack package namespace on npm, injecting malicious code into the dependency chain. This postmortem breaks down the attack timeline, the blast radius, detection methods, and — most importantly — the concrete steps every developer and security team should take to prevent similar incidents.

What Happened: The TanStack npm Supply-Chain Compromise

If you've built anything with React, Vue, or Solid in the last few years, you've almost certainly used a TanStack library. TanStack Query, TanStack Table, TanStack Router — these packages collectively pull in hundreds of millions of npm downloads.…
