supply chain / tanstack-router-devtools-core

TanStack Router Devtools Core

registrynpm

package name@tanstack/router-devtools-core

maintainerTanStack

TanStack Router Devtools Core is the shared internal implementation used by all TanStack Router devtools packages. It provides the state inspection and serialization primitives that the framework-specific devtools UIs render.

api usage

Checking TanStack Router Devtools Core

@tanstack/router-devtools-core 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-devtools-core&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/router-devtools-core",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Shared internal devtools packages sit below the visible package surface and receive less direct scrutiny than the framework-specific packages that depend on them, making them an attractive target for a dependency confusion or typosquatting attack.

Attestd monitors @tanstack/router-devtools-core using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack Router Devtools TanStack React Router Devtools Response fields