supply chain / tanstack-router-utils

TanStack Router Utils

registrynpm

package name@tanstack/router-utils

maintainerTanStack

TanStack Router Utils provides shared utility functions used across TanStack Router packages, including URL parsing, type utilities, and route tree helpers. It is an internal package not typically installed directly.

api usage

Checking TanStack Router Utils

@tanstack/router-utils 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-utils&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/router-utils",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

URL parsing utilities process user-controlled URL input and are directly relevant to the path traversal class of vulnerabilities (CVE-2026-45321 family) affecting TanStack Router packages.

Attestd monitors @tanstack/router-utils using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack Router Core TanStack React Router Response fields