TanStack's npm packages were compromised due to a supply-chain attack that exploited vulnerabilities in GitHub Actions and npm. The attack was detected by an external researcher and all affected versions have been deprecated and removed. The incident highlights the importance of monitoring and securing dependencies in the npm ecosystem. TanStack has issued an official all-clear on their repo and package security after a three-day security sweep and hardening pass.