TanStack Solid Router
npm@tanstack/solid-routerTanStack Solid Router is the SolidJS adapter for TanStack Router, providing type-safe routing for Solid applications. It shares the same core routing engine as TanStack React Router and is affected by the same CVE-2026-45321 family of path traversal issues.
Checking TanStack Solid Router
@tanstack/solid-router 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=%40tanstack%2Fsolid-router&version=1.56.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "@tanstack/solid-router",
"version": "1.56.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
SolidJS router packages parse user-supplied URL segments in the same way as React-based counterparts. The CVE-2026-45321 path traversal class affects this package because it shares the same core URL parsing code.
Attestd monitors @tanstack/solid-router using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
npm_deprecationnpm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.