<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
  <channel>
    <title>InfoQ - NPM - News</title>
    <link>https://www.infoq.com</link>
    <description>InfoQ NPM News feed</description>
    <item>
      <title>TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages</title>
      <link>https://www.infoq.com/news/2026/05/tanstack-supply-chain-attack/?utm_campaign=infoq_content&amp;utm_source=infoq&amp;utm_medium=feed&amp;utm_term=NPM-news</link>
      <description>&lt;img src="https://res.infoq.com/news/2026/05/tanstack-supply-chain-attack/en/headerimage/generatedHeaderImage-1778915238952.jpg"/&gt;&lt;p&gt;TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing developers and CI/CD systems to credential theft and malware propagation.&lt;/p&gt; &lt;i&gt;By Craig Risi&lt;/i&gt;</description>
      <category>Application Security</category>
      <category>NPM</category>
      <category>Software Supply Chain</category>
      <category>DevOps</category>
      <category>news</category>
      <pubDate>Tue, 19 May 2026 12:00:00 GMT</pubDate>
      <guid>https://www.infoq.com/news/2026/05/tanstack-supply-chain-attack/?utm_campaign=infoq_content&amp;utm_source=infoq&amp;utm_medium=feed&amp;utm_term=NPM-news</guid>
      <dc:creator>Craig Risi</dc:creator>
      <dc:date>2026-05-19T12:00:00Z</dc:date>
      <dc:identifier>/news/2026/05/tanstack-supply-chain-attack/en</dc:identifier>
    </item>
  </channel>
</rss>
