Most developers think supply-chain attacks happen to other people. Then TanStack happened.

Last week, a popular npm package in the TanStack ecosystem was compromised. Attackers pushed a malicious version that exfiltrated environment variables from any machine that ran npm install during the window. Thousands of repos pulled it before anyone noticed.

If you're shipping with AI, you're shipping someone else's code. A lot of it.

The part nobody wants to admit

When Cursor or Claude Code adds a dependency, you almost never read what it does. You skim the README, glance at the GitHub stars, and run npm install. That's the workflow. That's also the attack surface.

Here's the actual chain:

```
Your app
  → 12 direct deps
  → 400 transitive deps
  → 4,000 maintainers worldwide
  → any one of them gets phished
  → your .env is gone
```

The TanStack incident wasn't sophisticated. The attacker didn't break crypto. They compromised one maintainer's npm token. That was enough.…
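To see the direct-to-transitive chain described above for your own project, the following added example (not code from the original post) summarises a package-lock.json in lockfileVersion 2 or 3 format and lists the packages that declare install-time lifecycle scripts, which are one way a package runs code during npm install. The function name `summariseLockfile` and the sample lockfile with its package names are constructed for illustration.

```javascript
// Added example. SAMPLE_LOCK is a constructed lockfile; all package names are made up.
const SAMPLE_LOCK = {
  name: 'demo-app', lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app',
          dependencies: { 'ui-kit': '^2.0.0' },
          devDependencies: { 'build-tool': '^1.0.0' } },
    'node_modules/ui-kit': { version: '2.1.0' },
    'node_modules/build-tool': { version: '1.4.2', hasInstallScript: true },
    'node_modules/tiny-helper': { version: '0.3.1' },
    'node_modules/native-shim': { version: '5.0.0', hasInstallScript: true },
    'node_modules/ui-kit/node_modules/tiny-helper': { version: '0.2.9' },
  },
};

// Split installed packages into direct and transitive, and collect the ones
// npm marked with hasInstallScript (preinstall / install / postinstall present).
function summariseLockfile(lock) {
  const packages = lock.packages || {};
  const root = packages[''] || {};
  // Direct dependencies are the names the root project itself declares.
  const declared = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
    ...Object.keys(root.optionalDependencies || {}),
  ]);
  const summary = { direct: [], transitive: [], installScripts: [] };
  for (const [path, meta] of Object.entries(packages)) {
    // Skip the root project, workspace folders and workspace symlinks.
    if (!path.includes('node_modules/') || meta.link) continue;
    // "node_modules/a/node_modules/b" -> ['', 'a/', 'b']: name "b", nested under "a".
    const parts = path.split('node_modules/');
    const name = parts[parts.length - 1];
    const topLevel = parts.length === 2 && parts[0] === '';
    const id = `${name}@${meta.version}`;
    const bucket = topLevel && declared.has(name) ? summary.direct : summary.transitive;
    bucket.push(id);
    if (meta.hasInstallScript) summary.installScripts.push(id);
  }
  return summary;
}

console.log(summariseLockfile(SAMPLE_LOCK));
```

On a real project, pass the parsed contents of package-lock.json instead of `SAMPLE_LOCK`. The `installScripts` list is the set of packages whose scripts would be skipped by `npm ci --ignore-scripts`.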