Extole experienced a notice incident on May 21, 2026, lasting —. The incident has been resolved; the full update timeline is below.
Update timeline
- resolved May 21, 2026, 07:23 PM UTC
GitHub security incident (May 2026) — investigated, no Extole impact We are aware of the security incident disclosed by GitHub on May 20, 2026, involving unauthorized access to GitHub's internal repositories via a compromised third-party VS Code extension (Nx Console), itself linked to the earlier @tanstack/* npm supply-chain compromise on May 11, 2026. We have completed our investigation and confirmed that Extole is not impacted: - GitHub has stated the incident was limited to its own internal repositories, with no evidence of impact to customer repositories, organizations, or enterprises. - Extole does not use the Nx Console extension or any of the @nrwl/* packages. - The @tanstack/* packages compromised in the upstream incident (the Router/Start monorepo) are not used by Extole; the @tanstack/* package we do use (vue-query) was explicitly confirmed unaffected by TanStack. - We checked our workstations and build infrastructure for the published indicators of compromise and found none. No customer action is required. We will continue to monitor for any further disclosures from GitHub or TanStack and will update this status if anything changes.