今天，AI 建站平台 Lovable 正式官宣，新创建的项目已经全面迁移到 TanStack Start。 最近几个月，越来越多 AI 公司，开始逃离 Next.js。 从 T3 Chat，到 Anthropic，再到刚刚宣布迁移的 Lovable，它们不约而同地选择了同一个技术栈。 今天，AI 建站平台 Lovable 正式官宣，新 ...

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud ...

The TanStack team has documented security measures and proposals following a damaging breach last week, including the possibility of making pull requests (PRs) by invitation only - a break from the ...

On May 11, 2026, several TanStack packages on npm were briefly replaced with malicious versions, raising fresh concerns about how attackers can use trusted open-source software to reach developer ...

OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several ...

Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. OpenAI has disclosed the impact of the recent TanStack supply chain attack, ...

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...