FixVibe

// code / spotlight

TanStack ArkType Adapter Malware Advisory

Known malicious npm package versions can put CI and developer secrets at install-time risk.

Kaitnya

Supply-chain malware is different from a normal dependency bug: the dangerous action can happen during installation, before the application ever starts. For @tanstack/arktype-adapter, the repo evidence that matters most is whether a project resolves to one of the malicious published versions.

Cara kerjanya

The repo check looks for the npm package `@tanstack/arktype-adapter` in package manifests and lockfiles. Exact manifest declarations and lockfile-resolved versions are reported when they match 1.166.12 or 1.166.15, the affected versions listed by the TanStack and GitHub advisories.

Radius dampak

If either malicious version was installed in a developer workstation or CI environment, credentials available to that install process should be treated as potentially exposed. A repo match should trigger package cleanup, cache/image rebuilds, and credential-impact review, but it is not proof that FixVibe observed exfiltration or host compromise.

// apa yang fixvibe periksa

Apa yang FixVibe periksa

FixVibe repo scans look for high-confidence security patterns and dependency risk in source context. Reports identify the affected area and recommended fix. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

Pertahanan kokoh

Upgrade @tanstack/arktype-adapter to 1.166.16 or a newer clean release, or remove it if unused. Regenerate the active lockfile from a trusted registry state, rebuild CI images, Docker layers, devcontainers, and dependency caches, then rotate install-time credentials if either malicious version was ever installed.

// run it on your own app

Terus rilis sementara FixVibe yang berjaga.

FixVibe menguji permukaan publik app kamu sebagaimana seorang penyerang akan melakukannya โ€” tanpa agent, tanpa instalasi, tanpa kartu. Kami terus meneliti pola kerentanan baru dan mengubahnya jadi check praktis serta perbaikan siap-tempel untuk Cursor, Claude, dan Copilot.

Kode sumber
116
tes yang dijalankan di kategori ini
modules
76
check kode sumber khusus
setiap pemindaian
487+
tes di seluruh kategori
  • Gratis โ€” tanpa kartu kredit, tanpa instalasi, tanpa ping Slack
  • Cukup tempel URL โ€” kami crawl, probe, dan laporkan
  • Temuan berperingkat severity, di-dedupe jadi sinyal saja
  • AI-ready prompts where code applies, plus operator steps for DNS/provider fixes
Jalankan scan gratis โ†’

// latest checks ยท practical fixes ยท ship with confidence

TanStack ArkType Adapter Malware Advisory โ€” Sorotan Kerentanan | FixVibe ยท FixVibe