TanStack router library was compromised through an unspecified vulnerability that allowed attackers to publish malicious versions containing credential-stealing malware to the npm registry. The malicious packages were distributed under the trusted TanStack identity, creating a supply chain attack vector. This affects the open-source JavaScript routing library used in various web applications. The vulnerability demonstrates how trusted package identities can be compromised to distribute malware through package managers.