Research
PyPI Package Impersonates SymPy to Deliver Cryptomining Malware
Malicious PyPI package sympy-dev targets SymPy users, a Python symbolic math library with 85 million monthly downloads.
By Kirill Boychenko - Jan 21, 2026
🚀 Launch Week Day 2:Introducing Custom Tabs for Org Alerts.Learn More →
@tanstack/create-start
Advanced tools
@tanstack/create-start
CLI tool for creating and modifying TanStack Start projects.
pnpm create @tanstack/start
Run
pnpm create @tanstack/start --help
to see all options.
Until peer dependency issues are worked out, npm create @tanstack/start doesn't work.
Use pnpm or maybe a bundled version could be published instead.
Contributing
Modules
Modules represent templates and functionality that can be added later to a TanStack Start project. A module is created using a chain of methods specifying callbacks which receives arguments from the previous step.
-
createModule(schema): Set the schema of values that will be passed in from command line options. -
.init((configFromSchema) => { ... }): Crawl the filesystem to infer configuration, for example detecting the current package manager -
.prompt((configFromInit) => { ... }): Prompt the user for configuration, skipping config that has already been specified. -
.validateAndApply({ validate, apply })-
validate({ cfg, targetPath }): check if preconditions met (is there a package.json? is a library already installed?) and return an array of strings that are issues to address -
apply({ cfg, targetPath }): modify the filesystem: install libraries, modify files
-
FAQs
Tanstack Start Builder
The npm package @tanstack/create-start receives a total of 6,034 weekly downloads. As such, @tanstack/create-start popularity was classified as popular.
We found that @tanstack/create-start demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 30 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Tabs for Org Alerts
Create and share saved alert views with custom tabs on the org alerts page, making it easier for teams to return to consistent, named filter sets.
By André Staltz - Jan 20, 2026
Product
Rust Support in Socket Is Now Generally Available
Socket’s Rust and Cargo support is now generally available, providing dependency analysis and supply chain visibility for Rust projects.
By Trevor Norris - Jan 19, 2026