TanStack GitHub Actions Trusted Publisher Supply Chain Compromise
CVE-2026-45321 tracks a supply-chain compromise affecting 42 @tanstack/* npm packages, where 84 malicious versions were published to npm on 2026-05-11 between approximately 19:20 and 19:26 UTC. The available reporting indicates the attacker did not modify the publish workflow itself and did not rely on stolen npm maintainer tokens; instead, they abused TanStack’s legitimate GitHub Actions trusted-publisher/OIDC release path. The attack chain combined three weakness classes: a pull_request_target workflow misconfiguration that allowed fork-controlled code to execute in a privileged base-repository context, GitHub Actions cache poisoning across the fork-to-base trust boundary, and runtime extraction of the GitHub Actions OIDC token from runner process memory. The stolen OIDC token was then exchanged through npm trusted publishing to obtain publish capability under TanStack’s trusted identity, resulting in malicious package releases that reportedly carried valid provenance attestations. The published packages contained credential-stealing malware intended to execute during package installation and harvest developer, CI/CD, cloud, and related secrets.
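The first two weakness classes in that chain can be checked for statically in workflow files. The following is an added example, not code from TanStack or from the reporting summarized here: a heuristic auditor that flags `pull_request_target` workflows which check out pull-request head code, run package-manager scripts, write a shared cache, or request an OIDC token. The rule ids, the sample workflows, and the assumption that the misconfiguration takes this common shape are illustrative.

```javascript
// Added example: line-based heuristic audit of a workflow file (not a YAML parser).
// Rule ids and both sample workflows are constructed for illustration.
const RULES = [
  { id: 'checks-out-pr-head',
    re: /ref:.*(github\.event\.pull_request\.head\.(sha|ref)|refs\/pull\/)/ },
  { id: 'runs-package-scripts',
    re: /\b(npm|pnpm|yarn)\s+(ci|i|install|run|test|exec)\b/ },
  { id: 'writes-shared-cache',
    re: /uses:\s*actions\/cache(\/save)?@|^\s*cache:\s*['"]?(npm|pnpm|yarn)/ },
  { id: 'oidc-token-available', re: /id-token:\s*write/ },
];
const TRIGGER = /^\s*(on:\s*\[?[^\]]*)?pull_request_target\b/;

function auditWorkflow(yamlText) {
  // Strip comments so commented-out steps do not produce findings.
  const lines = yamlText.split('\n').map((l) => l.replace(/(^|\s)#.*$/, ''));
  // Only workflows that run in the privileged base-repository context matter here.
  if (!lines.some((l) => TRIGGER.test(l))) return [];
  const findings = [];
  for (const rule of RULES) {
    const idx = lines.findIndex((l) => rule.re.test(l));
    if (idx !== -1) findings.push({ id: rule.id, line: idx + 1 });
  }
  return findings;
}

const RISKY = [
  'name: pr-benchmark',
  'on:',
  '  pull_request_target:',
  'jobs:',
  '  bench:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '        with:',
  '          ref: ${{ github.event.pull_request.head.sha }}',
  '      - uses: actions/cache@v4',
  '        with:',
  '          path: ~/.pnpm-store',
  '          key: pnpm-store',
  '      - run: pnpm install',
].join('\n');
const SAFE = RISKY.replace('pull_request_target', 'pull_request');

console.log(auditWorkflow(RISKY));
console.log(auditWorkflow(SAFE));
```

A workflow that reports both `checks-out-pr-head` and `writes-shared-cache` is the combination to review first, since a cache written there can later be restored by a release job.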
Exploits
2 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (10 hidden).
This repository is a small educational lab that simulates an npm supply-chain attack associated with CVE-2026-45321/TanStack-themed compromise scenarios. It is not a full offensive toolkit; instead, it demonstrates how a malicious package can achieve install-time code execution through the npm `postinstall` lifecycle hook and how similar behavior could affect CI/CD pipelines. Repository structure: `attacker-package/` contains the core exploit logic, including `package.json` and `payload.js`; `fake-repo/` contains a GitHub Actions workflow simulation (`test.yml`) showing how CI could invoke installation of the malicious package; `victim-project/` is a placeholder directory representing the victim environment. The main exploit capability resides in `attacker-package/package.json`, which defines `postinstall: node payload.js`, causing `payload.js` to run automatically when the package is installed. The payload itself is simple but functional: it imports Node's `os` and `fs` modules, prints a marker string indicating execution, collects `USER`, hostname, and platform information, and writes that data to `loot.txt`. There is no network exfiltration, persistence, privilege escalation, or remote command-and-control in the provided code. As such, the exploit is operational as a local proof of install-time execution, but the payload is basic and hardcoded. The CI/CD simulation in `fake-repo/test.yml` uses a `pull_request_target` workflow and demonstrates how an install step could execute attacker-controlled package code on a GitHub Actions runner. This reinforces the repository's purpose as a supply-chain and CI/CD abuse demonstration rather than a stealthy real-world malware sample.
This repository is a small educational proof-of-concept simulating an npm supply-chain compromise associated with CVE-2026-45321 and a TanStack-themed package name. The repo contains 5 files: a README, a GitHub Actions workflow snippet (`download (2)`), an npm lockfile-like JSON (`download (7)`), a package manifest mislabeled as `payload.js`, and a JavaScript payload mislabeled as `tanstack-react-router-1.169.5.tgz`. Despite the filename/content mismatch, the intended structure is clear from the README. Core exploit behavior: the malicious package impersonates `@tanstack/react-router` version `1.169.5` and defines a `postinstall` script (`node payload.js`). When the victim installs the tarball, npm executes the lifecycle hook automatically. The payload then collects simple host metadata (`USER`, hostname, platform), prints a marker string (`=== MALICIOUS PAYLOAD EXECUTED ===`), and writes the data to `loot.txt`. This demonstrates install-time arbitrary code execution rather than remote exploitation. The repository does not contain a full offensive framework and is not a detection script. It is an operational PoC because it includes a working payload, though the payload is basic and hardcoded. The main attack vectors are supply-chain compromise of a dependency, CI/CD execution through GitHub Actions `pull_request_target` workflows that run `npm install`, and local file-based package installation via a tarball path. No external C2, exfiltration endpoint, or network beaconing is present in the code; all observable actions are local file writes and console output. Notable endpoints and artifacts include the local tarball path `../attacker-package/tanstack-react-router-1.169.5.tgz`, the output file `loot.txt`, the lifecycle command `node payload.js`, and references to GitHub, NVD, npm, and GitHub Actions documentation. 
Overall, the repository’s purpose is to demonstrate how a malicious npm package can abuse lifecycle hooks to gain code execution during dependency installation, especially in developer or CI environments that implicitly trust package installs.
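Both lab repositories rely on an install lifecycle hook and, in the second, a local tarball path. As an added example (not part of either repository), the check below audits a `package-lock.json` with lockfileVersion 2 or 3 for packages that declare install scripts, resolve from outside the npm registry, or lack an integrity hash. The allowlist parameter, the `example-dep` package and the sample lockfile are constructed.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) before installing.
// The allowlist parameter and the sample lockfile below are constructed.
const REGISTRY = 'https://registry.npmjs.org/';

function auditLockfile(lockText, allowedInstallScripts = []) {
  const lock = JSON.parse(lockText);
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === '' || meta.link) continue; // skip the root project and workspace links
    const name = meta.name || key.split('node_modules/').pop();
    const base = { name, version: meta.version };
    // npm sets hasInstallScript when a package declares install-time lifecycle scripts.
    if (meta.hasInstallScript && !allowedInstallScripts.includes(name)) {
      findings.push({ ...base, issue: 'install-script' });
    }
    // Tarball paths, git URLs and other registries bypass the expected source.
    if (meta.resolved && !meta.resolved.startsWith(REGISTRY)) {
      findings.push({ ...base, issue: 'non-registry-source', resolved: meta.resolved });
    }
    // Without an integrity hash the lockfile does not pin the tarball contents.
    if (meta.resolved && !meta.integrity) {
      findings.push({ ...base, issue: 'missing-integrity' });
    }
  }
  return findings;
}

const SAMPLE_LOCK = JSON.stringify({
  name: 'victim-project',
  lockfileVersion: 3,
  packages: {
    '': { name: 'victim-project', version: '1.0.0' },
    'node_modules/@tanstack/react-router': {
      version: '1.169.5',
      resolved: 'file:../attacker-package/tanstack-react-router-1.169.5.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER',
      hasInstallScript: true,
    },
    'node_modules/example-dep': {
      version: '2.0.0',
      resolved: 'https://registry.npmjs.org/example-dep/-/example-dep-2.0.0.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER',
    },
  },
});

console.log(auditLockfile(SAMPLE_LOCK));
```

Malicious versions published to the registry itself, as described at the top of this page, would not trip the source check, so new `install-script` findings deserve review on every lockfile change. `npm ci --ignore-scripts` installs without running lifecycle hooks.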
Recent activity
40 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A vulnerability/tracking identifier associated with the TanStack / Mini Shai-Hulud supply-chain compromise that CISA added to KEV and set a remediation deadline for.
A specific vulnerability identifier referenced in connection with prior TeamPCP targeting of TanStack packages; the content does not provide technical details beyond the CVE ID and CVSS score.
A supply chain attack affecting TanStack npm packages where attackers abused GitHub Actions to publish numerous malicious package versions containing credential-stealing malware.
A supply chain attack on 42 @tanstack npm packages in which attackers abused GitHub Actions, cache poisoning, pull_request_target misconfiguration, and OIDC token theft to publish malicious package versions containing credential-stealing malware.