An attacker successfully compromised the GitHub Actions OIDC trusted-publisher binding to inject malicious code into legitimate npm packages.

This is a supply chain compromise involving the chaining of a pull_request_target misconfiguration, GitHub Actions cache poisoning, and OIDC token theft from the runner process. This allowed the attacker to masquerade as a trusted identity to publish malicious versions of @tanstack/* packages.

This vulnerability represents a severe supply chain threat, potentially affecting any downstream software that relies on the compromised packages. With a CVSS score of 9.6, the incident highlights the risks associated with CI/CD pipeline trust boundaries.

Immediate Action: Audit all CI/CD workflows for pull_request_target usage and implement hardened OIDC token handling.

Proactive Monitoring: Monitor for unexpected package publications and scan dependencies for signs of tampering or unauthorized code.

Compensating Controls: Implement strict environment variable access controls and use ephemeral, short-lived tokens for all CI/CD operations.

Public Exploit Available: true

This incident serves as a critical reminder of CI/CD pipeline security. Organizations must review their GitHub Actions configurations, particularly regarding OIDC and pull request triggers, to prevent similar supply chain attacks.