to be clear: this is Github's failure to secure Action CI cache. How are WRITE permissioned tokens exposed with guessable paths in adjacent cache & this goes unfixed?
between this, horrid uptime & commit nuking of main branch. Github gotta go x.com/garyfung/statu…
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @TansTack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm