supply chain / tanstack-react-router-ssr-query

TanStack React Router SSR Query

registrynpm

package name@tanstack/react-router-ssr-query

maintainerTanStack

TanStack React Router SSR Query integrates TanStack Query's server-side data fetching with TanStack Router's SSR mode, enabling dehydrated query state to be passed from server to client during SSR.

api usage

Checking TanStack React Router SSR Query

@tanstack/react-router-ssr-query 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Freact-router-ssr-query&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/react-router-ssr-query",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

SSR data bridging packages serialize server-fetched data and embed it in the HTML response. A compromised package can intercept dehydrated query results, which may contain authenticated user data before it is sent to the client.

Attestd monitors @tanstack/react-router-ssr-query using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack React Router TanStack React Start Response fields