supply chain / tanstack-solid-router-devtools

TanStack Solid Router Devtools

registrynpm

package name@tanstack/solid-router-devtools

maintainerTanStack

TanStack Solid Router Devtools is the browser devtools panel for inspecting TanStack Solid Router state, active routes, and navigation history during development. It is typically installed as a dev dependency and should not be present in production bundles.

api usage

Checking TanStack Solid Router Devtools

@tanstack/solid-router-devtools 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Fsolid-router-devtools&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/solid-router-devtools",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Devtools packages are commonly installed alongside their router counterpart in production bundles by accident. A malicious devtools package has access to the full router state, including route parameters and navigation history, in any browser context where it is loaded.

Attestd monitors @tanstack/solid-router-devtools using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack Solid Router TanStack Router Devtools Response fields