Joined May 2021
Do you remember when you joined X? I do! #MyXAnniversary
The TanStack npm malware panic is being misunderstood.

Who should ACTUALLY be worried?
• ❌ NOT normal users browsing websites
• ❌ NOT people just using apps built with TanStack
• ❌ NOT frontend devs who never installed the compromised package versions
If you installed a malicious version:
• Rotate secrets immediately
• Revoke npm/GitHub tokens
• Audit CI pipelines
• Treat affected machines as potentially compromised

2026 is proving one thing: “The new perimeter isn’t your firewall. It’s your package manager.”
The real target wasn’t your browser. It was the developer supply chain.

This wave of attacks is designed to:
• Steal npm tokens
• Steal GitHub credentials
• Exfiltrate .env secrets
• Infect CI/CD runners
• Spread through trusted package publishing workflows
• ⚠️ Developers who ran npm install on affected packages
• ⚠️ CI/CD pipelines with npm publish tokens
• ⚠️ Teams storing secrets in .env files
• ⚠️ Organizations with GitHub/npm tokens on developer machines
• ⚠️ Companies auto-deploying dependencies without strict pinning
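
Added example, not part of the original posts: a Node.js check for two of the exposure conditions listed above, a lockfile that resolved an affected version (including transitive copies) and direct dependencies declared without exact pinning. The posts name no package versions, so `AFFECTED` holds a constructed placeholder, and the sample lockfile and manifest are constructed as well.

```javascript
// Placeholder advisory data (constructed): the posts list no package names or
// versions. Replace with the entries from the official advisory.
const AFFECTED = new Map([["example-affected-pkg", ["1.2.3", "1.2.4"]]]);
const MARKER = "node_modules/";

// Package name from a lockfile v2/v3 key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromLockKey(key) {
  const i = key.lastIndexOf(MARKER);
  return i === -1 ? key : key.slice(i + MARKER.length);
}

// Every resolved copy (direct or transitive) whose version is on the list.
function findAffected(lock, affected) {
  const found = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    const name = nameFromLockKey(key);
    if ((affected.get(name) || []).includes(meta.version)) {
      found.push({ path: key, name, version: meta.version });
    }
  }
  return found;
}

// Direct dependencies declared as a range or tag instead of an exact version.
// Transitive versions are fixed only by the lockfile (installed with `npm ci`).
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
function findUnpinned(pkg) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(spec)) out.push({ field, name, spec });
    }
  }
  return out;
}

// Constructed sample inputs (not taken from any real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "0.0.1" },
  "node_modules/left-helper": { version: "2.0.0" },
  "node_modules/left-helper/node_modules/example-affected-pkg": { version: "1.2.3" },
  "node_modules/example-affected-pkg": { version: "1.2.2" },
} };
const samplePkg = {
  dependencies: { "left-helper": "^2.0.0", "example-affected-pkg": "1.2.2" },
  devDependencies: { "build-tool": "latest" },
};
console.log(findAffected(sampleLock, AFFECTED), findUnpinned(samplePkg));
```

On a real project, pass the parsed contents of `package-lock.json` and `package.json` to the two functions; a hit from `findAffected` means the remediation steps in the posts apply to every machine and runner that installed from that lockfile.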
Boom! 36 hours, $3750 in the bank 💯 This is how I want to spend the absolute rest of my life ✌️