Skip to content
The Nexus
SECURITYMay 18 · 14:15 UTCTHE REGISTER

TanStack weighs invitation-only pull requests after supply chain attack

The TanStack team is considering making pull requests invitation-only after a supply chain attack used malicious code from the Shai-Hulud worm. The attack poisoned a cache used across the entire repository and led to security measures being proposed. The team is weighing the benefits of increased security against potential deterrents to contributions.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this