A Fork PR Poisoned the pnpm Cache Your Release Workflow Trusted, and GitHub’s Audit Log Never Logged the Write
The TanStack compromise published 84 poisoned npm versions across 42 packages by writing a cache entry into the default-branch scope from an untrusted fork PR. GitHub has since made that write path read-only for low-trust triggers — but cache creation still never touches the audit log, so post-hoc detection has to live on the runner and in cache-inventory differencing instead.