Overview
GitHub has formally attributed the breach of 3,800 internal repositories to the TanStack npm supply-chain attack that was disclosed last week. According to GitHub's investigation, the attackers gained access to internal systems through a malicious version of the Nx Console VS Code extension — a popular developer tool that was compromised as part of the broader TanStack package poisoning campaign.
The breach is the latest in a growing chain of attacks linked to the Mini Shai-Hulud / TanStack npm worm, which has been propagating through the JavaScript ecosystem by compromising widely-used npm packages and developer tools.
Incident Timeline
| Date | Event |
|---|---|
| ~May 14, 2026 | TanStack npm supply-chain attack first disclosed — malicious packages propagate via compromised npm maintainer accounts |
| May 14, 2026 | OpenAI confirms two employee devices infected via Nx Console VS Code extension |
| May 15, 2026 | Grafana breach attributed to the same attack chain — GitHub token stolen after TanStack compromise |
| May 20, 2026 | GitHub confirms breach, acknowledges 3,800 internal repositories were accessed |
| May 21, 2026 | GitHub publishes attribution: Nx Console VS Code extension was the infection vector |
How the Attack Worked
The TanStack npm supply-chain attack unfolded in multiple stages, each exploiting trust in the JavaScript developer toolchain:
Stage 1: npm Package Compromise
Attackers compromised maintainer accounts for packages within the TanStack ecosystem — a popular family of open-source JavaScript libraries for tables, queries, forms, and routing, widely used in React and Vue applications. A malicious payload was injected into published npm packages.
Stage 2: VS Code Extension Propagation
The malicious npm payload was incorporated into — or bootstrapped from — a backdoored version of the Nx Console VS Code extension. Nx Console is a popular extension for managing Nx monorepos (used heavily in Angular, React, and Node.js workspaces with tens of thousands of installs).
When developers installed or updated the compromised extension, it silently:
- Executed the TanStack-derived malicious payload in the developer's VS Code environment
- Harvested credentials and tokens stored in the VS Code secrets store and environment
- Exfiltrated GitHub authentication tokens found in the developer's git configuration or keychain
Stage 3: GitHub Internal Access
Armed with GitHub employee credentials or GitHub API tokens obtained from compromised developer machines, the attackers:
- Authenticated to GitHub's internal systems
- Cloned or accessed approximately 3,800 internal GitHub repositories
- Exfiltrated code, configuration, and potentially sensitive internal tooling
GitHub has confirmed that customer data was not accessed, but internal tooling, infrastructure code, and proprietary engineering resources were exposed.
Scope of the GitHub Breach
| Item | Detail |
|---|---|
| Repositories accessed | ~3,800 internal GitHub repositories |
| Customer data affected | None confirmed |
| Employee devices compromised | At least one confirmed infection vector (Nx Console extension) |
| Data types at risk | Internal tooling, infrastructure configuration, proprietary code |
| Attack origin | TanStack npm supply-chain → Nx Console VS Code extension |
Connection to the Broader TanStack Attack Chain
GitHub is the latest in a series of high-profile organizations affected by the TanStack supply-chain campaign:
| Organization | Impact |
|---|---|
| OpenAI | Two employee devices infected; macOS updates forced |
| Grafana | GitHub token stolen via TanStack attack; codebase downloaded; extortion attempted |
| GitHub | 3,800 internal repos accessed via compromised developer credentials |
| Mistral AI | Code repositories reportedly offered for sale by attackers |
| Checkmarx | Jenkins AST plugin compromised weeks after KICS supply-chain attack |
| Mini Shai-Hulud targets | TanStack, Mistral AI, guardrails-ai, and other npm packages compromised |
Why Supply-Chain Attacks Via Developer Tools Are So Effective
Developer workstations represent one of the highest-value targets in modern attack chains because developers routinely have:
- Highly privileged access: Production deploy keys, cloud credentials, CI/CD secrets
- Broad code repository access: Entire codebases, not just individual services
- Trusted tool execution: IDEs and their extensions run with full local user permissions
- Credential abundance: SSH keys, API tokens, OAuth tokens, and cloud CLI credentials stored locally
VS Code extensions are particularly attractive attack surfaces because:
- Extensions run with full Node.js privileges — not sandboxed
- Developers often install extensions without reviewing their source
- Extensions have direct access to the VS Code workspace, including environment variables and git configurations
- The VS Code extension marketplace has limited vetting compared to npm or browser extension stores
Immediate Actions for Affected Organizations
1. Audit VS Code Extensions
```bash
# List all installed VS Code extensions
code --list-extensions
# Check Nx Console extension version
code --list-extensions --show-versions | grep nrwl.angular-console
```
Remove and reinstall from a known-clean source if any extensions were installed during the TanStack attack window (May 12–21, 2026).
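The two commands above give a raw inventory; what an incident responder actually needs is the inventory compared against an approved list, plus a view of which extension directories were touched inside the attack window. The script below is an added example, not code from the article or from GitHub: it parses constructed `code --list-extensions --show-versions` output, checks each extension against an assumed corporate allowlist of approved versions, and flags extension directories (VS Code keeps them as `~/.vscode/extensions/<publisher.name-version>`) whose modification time falls in the May 12–21, 2026 window. The allowlist, version numbers and timestamps are all placeholders.

```python
# Added example (not from the original article): triage the output of
# `code --list-extensions --show-versions` against an allowlist and flag
# extension directories modified during the attack window named above.
# The inventory, allowlist, versions and timestamps are constructed
# placeholders, not data from the incident.
from datetime import datetime, timezone

# Constructed output of `code --list-extensions --show-versions`.
SAMPLE_INVENTORY = """\
ms-python.python@2026.4.0
nrwl.angular-console@1.0.1
esbenp.prettier-vscode@11.0.0
someone.unknown-helper@0.0.3
"""

# Assumed corporate allowlist: extension id -> set of approved versions.
ALLOWLIST = {
    "ms-python.python": {"2026.4.0"},
    "nrwl.angular-console": {"1.0.0"},   # assumed last-known-good version
    "esbenp.prettier-vscode": {"11.0.0"},
}

# Attack window from the article (May 12-21, 2026), taken as UTC day bounds.
WINDOW_START = datetime(2026, 5, 12, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 22, tzinfo=timezone.utc)  # exclusive


def parse_inventory(text):
    """Turn 'publisher.name@version' lines into (id, version) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext_id, _, version = line.rpartition("@")
        entries.append((ext_id, version))
    return entries


def check_inventory(text, allowlist=ALLOWLIST):
    """Return (id, version, reason) for extensions that are not on the
    allowlist or whose installed version is not an approved one."""
    findings = []
    for ext_id, version in parse_inventory(text):
        approved = allowlist.get(ext_id)
        if approved is None:
            findings.append((ext_id, version, "not on allowlist"))
        elif version not in approved:
            findings.append((ext_id, version, "unapproved version"))
    return findings


def check_install_times(dir_mtimes, start=WINDOW_START, end=WINDOW_END):
    """dir_mtimes maps extension directory names (publisher.name-version, the
    layout VS Code uses under ~/.vscode/extensions) to their modification
    time; return the directories touched inside the window, sorted."""
    return sorted(name for name, mtime in dir_mtimes.items() if start <= mtime < end)


# Constructed timestamps standing in for os.stat(path).st_mtime of each directory.
SAMPLE_DIR_MTIMES = {
    "ms-python.python-2026.4.0": datetime(2026, 4, 30, 9, 0, tzinfo=timezone.utc),
    "nrwl.angular-console-1.0.1": datetime(2026, 5, 15, 14, 30, tzinfo=timezone.utc),
    "esbenp.prettier-vscode-11.0.0": datetime(2026, 3, 2, 8, 0, tzinfo=timezone.utc),
    "someone.unknown-helper-0.0.3": datetime(2026, 5, 19, 22, 5, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    for ext_id, version, reason in check_inventory(SAMPLE_INVENTORY):
        print(f"REVIEW {ext_id}@{version}: {reason}")
    for name in check_install_times(SAMPLE_DIR_MTIMES):
        print(f"INSTALLED IN WINDOW: {name}")
```

On a real workstation, feed `check_inventory` the captured command output and build the `dir_mtimes` map from `os.scandir` over the extensions directory; anything flagged by either check is a candidate for the remove-and-reinstall step above, and an unapproved version of the Nx Console extension in particular should be treated as a credential-rotation trigger.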
2. Rotate All Developer Credentials
```bash
# Revoke all GitHub personal access tokens (via GitHub Settings > Developer Settings > Tokens)
# Regenerate SSH keys used for GitHub access
ssh-keygen -t ed25519 -C "your_email@example.com"
# Update git remote URLs to use new credentials
git remote set-url origin git@github.com:<org>/<repo>.git
```
3. Audit GitHub Token Usage
For organizations using GitHub Actions or GitHub API tokens, audit recent API activity for unusual access patterns:
```bash
# Using GitHub CLI — list recent audit log events (quote the path so the shell does not treat "?" as a glob)
gh api "/orgs/<org>/audit-log?phrase=token" --paginate | jq '.[] | {action, actor, created_at}'
```
4. Check npm Packages for Compromise
```bash
# Run npm audit across all projects
npm audit --audit-level=critical
# Check for known-compromised TanStack packages (verify against GitHub advisory database)
npm list | grep -E "tanstack|nx|@nrwl"
```
Defense Recommendations
| Control | Implementation |
|---|---|
| VS Code Extension Allowlisting | Use VS Code's extension recommendations and block unapproved extensions in enterprise environments |
| Credential Isolation | Store CI/CD secrets in dedicated secret managers, not developer workstations |
| Token Scoping | GitHub tokens should have minimum necessary scopes — avoid broad repo access tokens |
| FIDO2 MFA | Enforce hardware-key MFA for GitHub organization accounts |
| npm Package Locking | Use npm ci with committed lockfiles — avoid allowing automatic minor/patch updates |
| Developer EDR | Deploy endpoint detection on developer workstations — not just production servers |
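The npm Package Locking control and step 4 of the checklist above both rest on the same idea: the committed lockfile is the contract, and any difference between it and what a fresh install would resolve is something a human reviews before it ships. The script below is an added example, not code from the article or from any of the named projects. It compares two constructed lockfileVersion 3 documents (what `package-lock.json` looks like for npm 7+) and reports version drift, packages added or removed, entries missing an integrity hash, and packages resolved from anywhere other than the public registry, marking the TanStack, nx and @nrwl families the article's grep looks for. Package versions and hashes are placeholders, not the compromised versions from the incident.

```python
# Added example (not from the original article): diff a committed
# package-lock.json against a regenerated one and report drift, missing
# integrity hashes and non-registry sources. Both lockfiles are constructed;
# versions and hashes are placeholders, not incident data.
import json

REGISTRY = "https://registry.npmjs.org/"


def _is_watched(path):
    """Package families the article's grep singles out (tanstack, nx, @nrwl)."""
    return (path.startswith("node_modules/@tanstack/")
            or path.startswith("node_modules/@nrwl/")
            or path == "node_modules/nx"
            or path.startswith("node_modules/nx/"))


# Constructed lockfile as committed to the repository.
COMMITTED_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@tanstack/react-query": {
            "version": "1.0.0",
            "resolved": REGISTRY + "@tanstack/react-query/-/react-query-1.0.0.tgz",
            "integrity": "sha512-AAAAconstructed",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": REGISTRY + "left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-BBBBconstructed",
        },
    },
})

# Constructed lockfile as regenerated by `npm install` on a workstation.
REGENERATED_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@tanstack/react-query": {
            "version": "1.0.1",  # drifted with no matching package.json change
            "resolved": REGISTRY + "@tanstack/react-query/-/react-query-1.0.1.tgz",
            "integrity": "sha512-CCCCconstructed",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://mirror.example.invalid/left-pad-1.3.0.tgz",
        },
        "node_modules/@nrwl/devkit": {
            "version": "2.0.0",
            "resolved": REGISTRY + "@nrwl/devkit/-/devkit-2.0.0.tgz",
            "integrity": "sha512-DDDDconstructed",
        },
    },
})


def _packages(lock_text):
    """Return the 'packages' map of a v2/v3 lockfile without the root entry."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("lockfileVersion 2 or 3 required")
    return {path: meta for path, meta in lock["packages"].items() if path}


def lockfile_findings(committed_text, regenerated_text):
    """Return (package_path, finding) pairs a reviewer should look at."""
    old, new = _packages(committed_text), _packages(regenerated_text)
    findings = []
    for path, meta in sorted(new.items()):
        tag = " (watched family)" if _is_watched(path) else ""
        prev = old.get(path)
        if prev is None:
            findings.append((path, "new package" + tag))
        elif prev.get("version") != meta.get("version"):
            findings.append((path, f"version drift {prev.get('version')} -> {meta.get('version')}" + tag))
        if not meta.get("integrity"):
            findings.append((path, "missing integrity hash"))
        if not str(meta.get("resolved", "")).startswith(REGISTRY):
            findings.append((path, f"resolved outside registry: {meta.get('resolved')}"))
    for path in sorted(set(old) - set(new)):
        findings.append((path, "removed package"))
    return findings


if __name__ == "__main__":
    for path, finding in lockfile_findings(COMMITTED_LOCK, REGENERATED_LOCK):
        print(f"{path}: {finding}")
```

Running this in CI against the committed lockfile and a throwaway `npm install --package-lock-only` output turns "use npm ci" from a habit into a gate: a non-empty findings list fails the job, and drift in a watched family is escalated rather than merged. Note that `npm ci` itself already refuses to run when `package.json` and the lockfile disagree; this check adds review of what changed, not just whether it changed.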