supply chain / tanstack-router-devtools

TanStack Router Devtools

registrynpm

package name@tanstack/router-devtools

maintainerTanStack

TanStack Router Devtools is the framework-agnostic devtools core used by both React and Solid router devtools packages. It inspects router state and exposes it to browser devtools panels.

api usage

Checking TanStack Router Devtools

@tanstack/router-devtools 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-devtools&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/router-devtools",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Framework-agnostic devtools packages are a vector for supply chain attacks because a single package compromise affects multiple framework implementations simultaneously.

Attestd monitors @tanstack/router-devtools using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack Router Devtools Core TanStack React Router Devtools Response fields