Tan Stack Scanner
If you heard of the shai hulud exploit, you know how serious this is. Another supply chain attack hit and this one is rough. If attacked, this malware will target claude and VS Code to burrow in so even if you remove it, it still will stay resident. This worm initially went after npm models, it was later found to spread to Python modules on PyPi as well.
I made an open source scanner that detects traces of this worm so you can easily remove it from your system.
https://github.com/officiallymarky/tanstackscanner
What it checks
- Known IOC filenames:
router_init.jsrouter_runtime.jstanstack_runner.jsgh-token-monitor.shsetup.mjs
- Known malicious SHA-256 hash:
ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
- Suspicious dependency strings in manifests and lockfiles:
@tanstack/setupgithub:tanstack/router79ac49eedf774dd4b0cfa308722bc463cfe5885c
- User-level persistence artifacts for
gh-token-monitor - Running processes matching known IOC names
This attack was initially discovered with this Github comment.
https://github.com/TanStack/router/issues/7383#issuecomment-4425225340
These attacks are becoming more and more common with AI being available to everyone and the flood of vibe coded apps. While there is no way to protect against these attacks, you can minimize them by using tools like safe-npm to only install packages that are 90 days old. This typically gives it enough time to discover compromised packages but it isn't 100% fail proof.
Leave Tan Stack Scanner to:
Read more #security posts
Best Posts From Marky
We have not curated any of themarkymark's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From Marky
- Tan Stack Scanner
- New LLM benchmark: llmtester
- Receive proactive alerts when your openclaw instance is unavailable
- My two favorite Openclaw hacks
- If you are running openclaw, make sure you are updated.
- Some things I wish someone told me when I setup Openclaw
- If you are running openclaw, make sure you are updated.
- Hive Hot or Not improvements
- Hive Hot or Not!
- Block Bandits update
- Absolutely killed it in Miner Wars this week
- Been mining bitcoin with Gomining for a month now
- How to boost in Miner Wars without going broke
- Want to join Block Bandits?
- Boiling down short form content on Hive
- Nvidia RTX 6000 Pro power efficiency testing
- Hive Analytics 2026 Proposal
- Meet Number 6
- Upgrading Home Server Cluster
- PSA: BroFund/Bro/ManCave likely compromised