TanStack React Start (RSC)
npm@tanstack/react-start-rscTanStack React Start RSC enables React Server Components support within TanStack Start, allowing components to render on the server with direct access to databases and server-only modules. RSC components execute in a trusted server context with access to backend resources.
Checking TanStack React Start (RSC)
@tanstack/react-start-rsc 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=%40tanstack%2Freact-start-rsc&version=1.56.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "@tanstack/react-start-rsc",
"version": "1.56.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
RSC runtime packages execute server components that have direct access to databases, secrets, and backend APIs. A compromised RSC runtime can intercept server component props and data before serialization to the client.
Attestd monitors @tanstack/react-start-rsc using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
npm_deprecationnpm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.