Hacker News

nrmitchi yesterday at 11:50 PM

Appreciate the tanstack postmortem; however, the security issue as far as the rest of the npm ecosystem goes is still an ongoing concern, correct?

Is there evidence that any downstream packages that may have pulled/included tanstack packages should be considered safe?


Replies

alexjurkiewicz today at 12:43 AM

NPM is getting all the attacks and attention because it is the biggest. But there's nothing language-specific to this class of attacks.
