supply chain / tanstack-router-generator

TanStack Router Generator

registrynpm

package name@tanstack/router-generator

maintainerTanStack

TanStack Router Generator is the core route generation engine used by the Router CLI and Vite plugin. It parses the file-based routing directory and outputs typed route tree definitions. Both the CLI and Vite plugin delegate to this package for the actual code generation.

api usage

Checking TanStack Router Generator

@tanstack/router-generator 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-generator&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/router-generator",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Source code generation packages that write files to the project are particularly sensitive because a compromised generator can inject arbitrary code into files that are version-controlled and compiled into the production bundle.

Attestd monitors @tanstack/router-generator using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack Router CLI TanStack Router Plugin Response fields