Tanstack news

Grafana Labs confirmed a security breach limited to its GitHub environment, exposing public and private source code. The company stated that its investigation found no evidence of customer production systems being compromised. The incident was linked to a supply chain attack involving a TanStack npm package.

GitHub has confirmed that a recent breach of 3,800 internal repositories was caused by a malicious VS Code extension. The extension was compromised in a wider supply-chain attack targeting the popular TanStack npm packages, highlighting the growing risks of software dependencies.