
A single PR just hijacked the NPM registry...
AI Summary
A sophisticated supply chain attack recently compromised over 100 NPM packages, downloaded millions of times weekly. The attack bypassed NPM's trusted publishing feature, exploiting a flaw in TanStack's GitHub Actions workflow. An attacker forked the TanStack repository and created a pull request, which, due to misconfiguration, triggered the publishing workflow in the context of the main repository with elevated permissions. This allowed the attacker to inject a poisoned file into the CI server's cache.
When a legitimate pull request was later merged, the poisoned file accessed an NPM publish token from the cache and used it to publish compromised versions of TanStack packages. This malware then spread to other packages and even Python SDKs. The attack evolved, forging commits signed by the CloudCode GitHub app and embedding itself into development editors. A "dead man's switch" was installed on infected machines, designed to delete the user's home folder if cleanup attempts were made.
Preventative measures include using PNPM 11 or higher, which offers features like minimum release age, blocking exotic sub-dependencies, and approving builds. These features help mitigate risks by refusing recently published packages, preventing installation from untrusted sources, and blocking automatic execution of install scripts. Sentry's Seer Agent is also highlighted as a tool for automatically investigating production issues.
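The three pnpm protections described above (minimum release age, blocking exotic sub-dependencies, approving builds) can be read as three checks over a resolved dependency tree. The following is an added example, not pnpm's code or anything from the original summary; the record shape, the one-day threshold, the allow-list and every package name are constructed assumptions.

```javascript
// Added illustration, not pnpm's implementation: the three checks as plain policy logic.
// Record shape, names, thresholds and all sample data below are constructed assumptions.
const MIN_RELEASE_AGE_MINUTES = 24 * 60; // assumed policy: refuse versions under a day old
const APPROVED_BUILDS = new Set(["example-bundler"]); // assumed allow-list for install scripts
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// "Exotic" here means resolved from anywhere other than the configured registry
// (git URL, raw tarball URL, local path). The registry prefix must end in "/".
function isExotic(dep, registry) {
  return typeof dep.resolved !== "string" || !dep.resolved.startsWith(registry);
}

function auditDependency(dep, now, registry) {
  const findings = [];
  const ageMinutes = (now - Date.parse(dep.publishedAt)) / 60000;
  if (Number.isNaN(ageMinutes)) findings.push("unknown-publish-time"); // fail closed
  else if (ageMinutes < MIN_RELEASE_AGE_MINUTES) findings.push("too-new");
  // Only transitive dependencies are checked, matching "exotic sub-dependencies".
  if (!dep.direct && isExotic(dep, registry)) findings.push("exotic-subdependency");
  const hooks = INSTALL_HOOKS.filter((h) => dep.scripts && dep.scripts[h]);
  if (hooks.length > 0 && !APPROVED_BUILDS.has(dep.name)) findings.push("unapproved-build");
  return findings;
}

// Returns { "name@version": [findings] } for every dependency that violates the policy.
function auditTree(deps, now, registry) {
  const report = {};
  for (const dep of deps) {
    const findings = auditDependency(dep, now, registry);
    if (findings.length > 0) report[`${dep.name}@${dep.version}`] = findings;
  }
  return report;
}

// Constructed sample input (no real packages or versions).
const REGISTRY = "https://registry.npmjs.org/";
const NOW = Date.parse("2025-01-10T12:00:00Z");
const SAMPLE = [
  { name: "example-router", version: "1.2.3", direct: true, publishedAt: "2025-01-10T11:30:00Z",
    resolved: REGISTRY + "example-router/-/example-router-1.2.3.tgz", scripts: {} },
  { name: "example-utils", version: "4.0.0", direct: false, publishedAt: "2024-06-01T00:00:00Z",
    resolved: "git+https://git.example/fork/example-utils.git#0000000", scripts: {} },
  { name: "example-native", version: "2.1.0", direct: false, publishedAt: "2024-03-01T00:00:00Z",
    resolved: REGISTRY + "example-native/-/example-native-2.1.0.tgz", scripts: { postinstall: "node setup.js" } },
  { name: "example-bundler", version: "0.9.0", direct: false, publishedAt: "2024-02-01T00:00:00Z",
    resolved: REGISTRY + "example-bundler/-/example-bundler-0.9.0.tgz", scripts: { postinstall: "node install.js" } },
];
console.log(auditTree(SAMPLE, NOW, REGISTRY));
```

A version with no recorded publish time is reported rather than passed, so missing metadata cannot be used to slip under the age check.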