TanStack Router Vite Plugin
npm@tanstack/router-vite-pluginTanStack Router Vite Plugin is the Vite-specific wrapper for the TanStack Router plugin, providing HMR support and Vite-specific configuration options. It delegates most logic to the core router plugin.
Checking TanStack Router Vite Plugin
@tanstack/router-vite-plugin 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=%40tanstack%2Frouter-vite-plugin&version=1.56.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "@tanstack/router-vite-plugin",
"version": "1.56.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
Vite plugin packages have access to the entire Vite transform pipeline. A compromised Vite plugin can modify any module in the bundle during the transform phase, injecting code that runs in the browser.
Attestd monitors @tanstack/router-vite-plugin using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
npm_deprecationnpm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.