supply chain / tanstack-router-ssr-query-core

TanStack Router SSR Query Core

registrynpm

package name@tanstack/router-ssr-query-core

maintainerTanStack

TanStack Router SSR Query Core is the framework-agnostic implementation of the SSR Query integration, used by the React and Solid adapters. It manages the serialization protocol for transferring server-fetched data to the client.

api usage

Checking TanStack Router SSR Query Core

@tanstack/router-ssr-query-core 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-ssr-query-core&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/router-ssr-query-core",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Framework-agnostic serialization packages that transfer data from server to client control what data reaches the browser. A compromised version can modify the dehydrated state, injecting or removing data before client hydration.

Attestd monitors @tanstack/router-ssr-query-core using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack React Router SSR Query TanStack Router Core Response fields