What now? explaining the TanStack Supply Chain Attack

A sophisticated npm supply chain attack affected 42 TanStack packages, publishing 84 malicious versions within 6 minutes. The attackers exploited a dangerous GitHub Actions trigger, without needing stolen passwords.