supply chain / tanstack-eslint-plugin-router

TanStack ESLint Plugin (Router)

registrynpm

package name@tanstack/eslint-plugin-router

maintainerTanStack

The TanStack Router ESLint plugin enforces correct usage of TanStack Router APIs, flagging incorrect hook calls, missing route configurations, and type-unsafe patterns. It runs as part of the project's ESLint configuration.

api usage

Checking TanStack ESLint Plugin (Router)

@tanstack/eslint-plugin-router 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Feslint-plugin-router&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/eslint-plugin-router",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

ESLint plugin packages run on every linting pass during development and CI. A compromised ESLint plugin can exfiltrate source code seen during lint analysis, which covers all files in the linted project.

Attestd monitors @tanstack/eslint-plugin-router using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack React Router ESLint Response fields