Claude on AWS and TanStack npm Postmortem #17
Today's Letter
Anthropic, Claude Platform on AWS launches
- Anthropic launched Claude Platform on AWS for AWS customer access to Claude APIs.
- Authentication uses AWS IAM and audit trails flow through CloudTrail.
- Usage can appear on a single AWS bill and draw down existing AWS commitments.
- The AWS path includes Claude Managed Agents, web search, web fetch, code execution, and Files API beta.
- Claude Console is included for prompt generation, prompt improvement, and evaluations.
- Supported models include Claude Opus 4.7, Sonnet 4.6, and Haiku 4.5.
- Anthropic says new Claude API features should arrive on the AWS platform at launch time.
- Unlike Bedrock, Anthropic operates this service and processes data outside the AWS boundary.
Source: claude.com
More: aws.amazon.com · cloudcomputing-news.net · thenewstack.io
TanStack, npm supply-chain postmortem published
- TanStack published a postmortem for the 2026-05-11 npm supply-chain compromise.
- The attacker published 84 malicious versions across 42 @tanstack/* packages.
- The attack window was 19:20 to 19:26 UTC, according to the postmortem.
- The chain used pull_request_target, GitHub Actions cache poisoning, and OIDC token extraction.
- TanStack says npm tokens were not stolen and the npm publish workflow was not directly compromised.
- The payload ran during package install through optionalDependencies and a prepare script.
- Credential targets included AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH sources.
- StepSecurity researcher Ashish Kurmi detected the malicious versions within about 20 minutes.
- TanStack deprecated affected versions and recommends credential rotation for exposed hosts.
Source: tanstack.com
More: snyk.io · cybersecuritynews.com · stepsecurity.io
Jocoletter curates AI, software, and product trends for developers and builders.
#Anthropic #TanStack
