Latest incident:TanStack + @uipath mini-Shai-Hulud compromise (11 May 2026)
Check now
DependencyWatch.io
FeedRecommendationsSolutionsSubmitScan your lockfile
Hardening recommendations

Defend against fast-detonate supply-chain attacks.

The May 2026 TanStack compromise was live in npm for under 7 minutes. The March Axios RAT was up for about 3 hours. Anything that resolves to latest or a loose semver range during that window installs the malicious version. These configuration changes buy you a window to verify before you install. Pick the tab for your ecosystem.

Scan your lockfile first

Wait before installing newly-published versions

Every major Node package manager now supports a minimum release age gate: pnpm 10, npm 11.5, and Bun 1.3. Set it to 1 day at minimum, 3 days for security-sensitive projects.

Why it matters
Maintainer-account compromises get caught and the malicious version unpublished within hours. Holding installs for 24 to 72 hours after a release means the unsafe versions are usually gone by the time your CI pulls them.

Always install from a lockfile in CI

The lockfile is your audit trail. If something compromised slips in, it lands visibly in a diff, not silently via a transitive bump.

CI install commands
npm ci                       # not "npm install"
pnpm install --frozen-lockfile
yarn install --immutable
pip install --require-hashes -r requirements.txt
Why it matters
An unpinned npm install in CI can pull a newly-published malicious version even when your lockfile says otherwise. The ci / frozen / immutable flags refuse to resolve anything outside the lockfile.

Pin exact versions for dependencies you care about

Use exact pins (no ^ / ~) for high-blast-radius packages. Renovate or Dependabot still bumps them, but in PRs you can review, not silently at install time.

package.json
{
  "dependencies": {
    "@tanstack/react-router": "1.169.4",
    "axios": "1.14.0"
  }
}
Why it matters
In the Axios incident, the malicious release was 1.14.1. Anyone with ^1.14.0 pulled it on next install. Anyone pinned to 1.14.0 did not.

Rotate CI/CD secrets to short-lived OIDC tokens

Replace long-lived NPM_TOKEN and cloud-provider keys with OIDC-issued credentials, scoped to the specific job and time-bounded.

Why it matters
Most of the May 2026 worm's damage came from npm publish tokens stolen out of CI runner memory. OIDC trust between GitHub or GitLab and your registry means there is no long-lived token to steal in the first place.
GitHub Actions OIDC npm trusted publishers

Refuse post-install scripts for untrusted dependencies

If your project does not need any native compilation, this is free protection. If it does, allowlist only the specific packages that need a build step.

shell
# npm
npm install --ignore-scripts
# pnpm — interactive consent
pnpm config set ignore-scripts true
# yarn 4+
yarn config set enableScripts false
Why it matters
Every credential-stealing payload this year ran via postinstall or preinstall. Disabling scripts blocks the initial execution outright. You can re-enable per-package via pnpm onlyBuiltDependencies or an allowlist.

Audit packages before adoption, not after

Add a dependency-review GitHub Action to your repo to flag risky additions at PR time.

Why it matters
Scan tools like Socket, Snyk Advisor, deps.dev, and the GitHub Advisory Database give you a read on a package's maintenance, install scripts, and history. Run them on new additions in PR review. That is the cheapest place to catch a typosquat.
Socket deps.dev GitHub Advisory DB

Spot something inaccurate or have a recommendation we have missed? Get in touch.