This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Seb ⚛️ ThisWeekInReact.com
sebastienlorber.com
did:plc:hxmev3uady7j4litwnr5fzbg
Today, TanStack packages have been compromised.
Again, this all started with a "pull_request_target" GitHub action trigger.
TL;DR for open-source maintainers:
🚫 NEVER use "pull_request_target" workflows
🚫 NEVER use shared caches in your publish pipeline
2026-05-12T08:05:19.473Z