TanStack Router Plugin
npm@tanstack/router-pluginTanStack Router Plugin is the Vite / Rspack / webpack integration for TanStack Router, hooking into the build pipeline to generate route trees and enable HMR for route file changes. It runs inside the build tool process with access to the full project source.
Checking TanStack Router Plugin
@tanstack/router-plugin 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-plugin&version=1.56.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "@tanstack/router-plugin",
"version": "1.56.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
Build tool plugins run in the same process as the bundler and have access to all module source code passing through the compilation pipeline. A compromised plugin can modify module contents in memory before they are bundled, without leaving traces in source files.
Attestd monitors @tanstack/router-plugin using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
npm_deprecationnpm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.