TanStack's npm account was compromised; here's what happened

hackernews·1w·varunsharma07

The popular React query library TanStack fell victim to an npm account takeover, exposing the supply-chain risks that plague even well-maintained open-source projects. The postmortem details how the breach occurred and what the maintainers did to lock things down—a sobering read for any indie dev relying on third-party packages.