TanStack Router Core
npm@tanstack/router-coreTanStack Router Core contains the framework-agnostic routing engine shared by TanStack React Router and Solid Router. It handles route matching, history management, and navigation lifecycle. All framework-specific TanStack Router packages depend on this core package.
Checking TanStack Router Core
@tanstack/router-core 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-core&version=1.56.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "@tanstack/router-core",
"version": "1.56.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
Framework-agnostic core routing packages are shared across multiple higher-level packages. A compromised core propagates to React, Solid, and any other framework adapter that depends on it, multiplying the affected surface in a single publish.
Attestd monitors @tanstack/router-core using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
npm_deprecationnpm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.