TanStack weighs invitation-only pull requests after supply chain attack
Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions
Tim Anderson
Published Mon 18 May 2026 // 15:15 UTC
The TanStack team has documented security measures and proposals following a damaging breach last week, including the possibility of making pull requests (PRs) by invitation only - a break from the open-contribution model that defines most open source projects.

The attack used code from the Shai-Hulud worm, published by malware outfit TeamPCP, which can extract secrets from memory used by GitHub Actions. It began with a PR that triggered an automatic workflow via TanStack's use of the pull_request_target feature, causing the malicious code to be built and run by a GitHub Action, poisoning a cache used across the entire repository.
The TanStack team said that its workflow used a pattern GitHub warns against: pull_request_target is intended for PRs that "do not require dangerous processing, say building or running the content of the PR."
Since the attack, TanStack has removed all use of pull_request_target from its continuous integration (CI) pipeline, disabled caches used by pnpm (a Node.js package manager) and GitHub Actions, pinned actions to commit SHA (Secure Hash Algorithm) hashes rather than retargetable tags, and disabled use of text messages for two-factor authentication.

The TanStack repository also now uses a feature of pnpm 11 called minimumReleaseAge, which requires dependencies to have been published for a set period before they can be installed. The idea is that compromised packages are usually detected and removed before that period completes.
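As an added illustration (constructed for this article, not TanStack's own code or workflows), the following Python script scans GitHub Actions workflow text for the patterns the team removed: a pull_request_target trigger, a checkout of the PR head under that trigger, action references pinned to tags rather than commit SHAs, and cache steps shared across the repository. The two embedded workflows are constructed before/after samples; the 40-hex SHAs in the hardened one are placeholders, the regex-based scan is a line heuristic rather than a YAML parser, and the minimumReleaseAge check assumes the setting is written in pnpm-workspace.yaml in minutes.

```python
"""Heuristic audit of GitHub Actions workflows for the patterns discussed above.

Constructed example; line-based regexes, not a full YAML parser.
"""
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # a full commit SHA after '@'
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)\b")
CACHE_RE = re.compile(r"actions/cache@|^\s*cache:\s*['\"]?(pnpm|npm|yarn)\b")
MIN_AGE_RE = re.compile(r"^\s*minimumReleaseAge:\s*(\d+)")


def _strip_comment(line):
    # Drop a YAML comment ('#' at line start or after whitespace).
    return re.split(r"(?:^|\s)#", line, maxsplit=1)[0]


def audit_workflow(text):
    """Return (line_no, code, detail) findings for one workflow file's text."""
    findings = []
    lines = [_strip_comment(line) for line in text.splitlines()]
    target_line = next(
        (i for i, line in enumerate(lines, 1) if re.search(r"\bpull_request_target\b", line)),
        None,
    )
    if target_line:
        findings.append((target_line, "pull_request_target",
                         "runs with base-repo secrets and cache scope on PR events"))
    for i, line in enumerate(lines, 1):
        if target_line and PR_HEAD_RE.search(line):
            findings.append((i, "untrusted-checkout",
                             "PR head checked out under pull_request_target; building or "
                             "running it executes contributor code with base-repo privileges"))
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if not ref.startswith(("./", "docker://")):
                _, _, version = ref.partition("@")
                if not SHA_RE.match(version):
                    findings.append((i, "unpinned-action",
                                     f"{ref} uses a retargetable tag or branch, not a commit SHA"))
        if CACHE_RE.search(line):
            findings.append((i, "shared-cache",
                             "cache restored here is shared across the repository and can be "
                             "poisoned by an earlier run"))
    return findings


def minimum_release_age_minutes(pnpm_workspace_text):
    """Return the configured minimumReleaseAge (assumed: pnpm-workspace.yaml, minutes) or None."""
    for line in pnpm_workspace_text.splitlines():
        m = MIN_AGE_RE.match(_strip_comment(line))
        if m:
            return int(m.group(1))
    return None


# Constructed "before" workflow showing the pattern GitHub warns against.
BEFORE = """name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          cache: pnpm
      - run: pnpm install && pnpm test
"""

# Constructed "after" workflow: pull_request trigger, no cache, SHA-pinned actions.
AFTER = """name: ci
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Constructed placeholder SHAs: pin each action to its real commit.
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: pnpm/action-setup@0123456789abcdef0123456789abcdef01234567
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - run: pnpm install --frozen-lockfile && pnpm test
"""

# Constructed pnpm-workspace.yaml requiring packages to be a day old before install.
PNPM_WORKSPACE = "packages:\n  - 'packages/*'\nminimumReleaseAge: 1440\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(f"{name}: {len(audit_workflow(text))} finding(s)")
        for line_no, code, detail in audit_workflow(text):
            print(f"  line {line_no}: {code}: {detail}")
    print("minimumReleaseAge:", minimum_release_age_minutes(PNPM_WORKSPACE))
```

Run against the constructed samples, the "before" workflow yields six findings (the trigger, the PR-head checkout, three unpinned actions and the pnpm cache) and the "after" workflow none, which is the same shape of change the team describes.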
A more drastic proposal is closing the ability for external contributors to open pull requests at all. "We are absolutely not going closed source," the team said, but it could put in place a mechanism where contributions begin with an issue or discussion, and a PR can be submitted only by invitation.

TanStack acknowledged that it would be a radical step to take as "open PRs are part of how a lot of us became maintainers in the first place." It might not be necessary if the repository can be hardened enough that malicious PRs cannot cause damage.

It is a debate that maintainers of other open source projects will watch with interest. Supply chain security is a huge issue, but making pull requests invitation-only could hurt projects by deterring contributions.

Another aspect of this is the extent to which GitHub itself is to blame. "Cache scoping in GitHub Actions shouldn't silently bridge fork PRs and base-repo branches," said the TanStack team.