Anmol Baranwal

@anmolbaranwal•May 18

TanStack Supply Chain Attack and How to Lock Down GitHub Actions

From copilotkit.ai•May 18•12m read time

In May 2026, TanStack/router was compromised via a GitHub Actions CI pipeline attack where a fork PR poisoned the Actions cache, extracted OIDC tokens, and published 84 malicious npm packages. The author audited 20 repositories the next day and found 8 recurring vulnerability categories: unpinned action tags (vs SHA pins), overly broad GITHUB_TOKEN permissions, shell injection via expression interpolation, credential leakage from actions/checkout, pull_request_target misuse, missing workflow static analysis, stale pinned actions without Dependabot, and cache poisoning from fork PRs. A detailed hardening checklist is provided covering SHA pinning, least-privilege permissions, two-layer shell injection defense (env var indirection plus jq argument passing), late credential injection, build/publish job separation, zizmor static analysis, and Dependabot/Renovate configuration. The post also introduces Sentinel, a Ruby CLI scanner encoding all 21 security checks, and recommends Renovate over Dependabot for automated SHA pin management.
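The checklist above reads as a list of settings; the value for a defender is being able to spot the weak ones mechanically. The following is an added example, not the post's Sentinel scanner and not code from the author or CopilotKit: a small Ruby checker (Ruby because the post's own scanner is written in it) that parses a workflow and flags five of the listed classes, with a constructed weak workflow and its hardened counterpart embedded so it runs offline. The 40-hex SHAs in the hardened sample are placeholders, not real release commits, and the rule names and messages are my own.

```ruby
require 'yaml'

# Constructed sample: several of the weaknesses the post lists in one workflow.
WEAK_WORKFLOW = <<~'YAML'
  name: ci
  on:
    pull_request_target:
  jobs:
    build:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v4
          with:
            ref: ${{ github.event.pull_request.head.sha }}
        - run: |
            echo "PR title: ${{ github.event.pull_request.title }}"
        - uses: actions/setup-node@v4
YAML

# Constructed sample: the same workflow with the recommended fixes applied.
# The SHAs are placeholders; pin to the real release commit in practice.
HARDENED_WORKFLOW = <<~'YAML'
  name: ci
  on:
    pull_request:
  permissions:
    contents: read
  jobs:
    build:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder)
          with:
            persist-credentials: false
        - env:
            PR_TITLE: ${{ github.event.pull_request.title }}
          run: |
            echo "PR title: $PR_TITLE"
        - uses: actions/setup-node@fedcba9876543210fedcba9876543210fedcba98 # v4 (placeholder)
YAML

FULL_SHA = /\A[0-9a-f]{40}\z/
EXPRESSION = /\$\{\{.*?\}\}/

# Returns an array of human-readable findings for one workflow file's text.
def scan_workflow(text)
  doc = YAML.safe_load(text)
  findings = []
  # Psych follows YAML 1.1, so the bare key `on` is read as boolean true.
  triggers = doc['on'] || doc[true] || {}
  trigger_names = triggers.is_a?(Hash) ? triggers.keys : Array(triggers)
  pr_target = trigger_names.include?('pull_request_target')

  findings << 'workflow: no top-level permissions block (GITHUB_TOKEN defaults apply)' unless doc.key?('permissions')
  findings << 'workflow: permissions: write-all' if doc['permissions'] == 'write-all'

  (doc['jobs'] || {}).each do |job_name, job|
    Array(job['steps']).each_with_index do |step, i|
      where = "#{job_name}/step #{i + 1}"
      if (uses = step['uses'])
        action, ref = uses.split('@', 2)
        # Local (./path) and docker:// references are not tag-pinned actions.
        if !action.start_with?('./', 'docker://') && !(ref.to_s =~ FULL_SHA)
          findings << "#{where}: #{uses} is not pinned to a full commit SHA"
        end
        if action == 'actions/checkout'
          with = step['with'] || {}
          unless with['persist-credentials'] == false
            findings << "#{where}: actions/checkout keeps GITHUB_TOKEN in .git/config (set persist-credentials: false)"
          end
          if pr_target && with['ref'].to_s.include?('pull_request.head')
            findings << "#{where}: pull_request_target checks out the fork's head ref"
          end
        end
      end
      if (run = step['run']) && run =~ EXPRESSION
        findings << "#{where}: expression #{$&} interpolated into run shell (pass it via env instead)"
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts 'weak workflow:'
  scan_workflow(WEAK_WORKFLOW).each { |f| puts "  - #{f}" }
  puts "hardened workflow findings: #{scan_workflow(HARDENED_WORKFLOW).size}"
end
```

Run it as a script to see the six findings on the weak workflow and none on the hardened one. The checks are deliberately syntactic (a tag is not a SHA, a `${{ }}` appears inside `run:`), which is the same trade-off tools like zizmor make: cheap to run on every PR, and a missed finding is far less costly than a missed pin.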
