tanstack-query
TanStack Query simplifies asynchronous server-state management in React, offering features like caching, refetching, and pagination.
Install this skill
Security score
The tanstack-query skill was audited on Feb 27, 2026 and we found 25 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 108 | const response = await fetch(`/api/users/${userId}`); |
Template literal with variable interpolation in command context
| 331 | const response = await fetch(`/api/users/${userId}`); |
Template literal with variable interpolation in command context
| 356 | axios.get(`/api/repos/${username}`, { signal }).then(res => res.data), |
Template literal with variable interpolation in command context
| 655 | const response = await fetch(`/api/todos/${updatedTodo.id}`, { |
Template literal with variable interpolation in command context
| 751 | const response = await fetch(`/api/posts?cursor=${pageParam}`); |
Template literal with variable interpolation in command context
| 794 | const response = await fetch(`/api/posts?cursor=${pageParam}`); |
Template literal with variable interpolation in command context
| 1422 | config.headers.Authorization = `Bearer ${token}`; |
Template literal with variable interpolation in command context
| 1460 | const { data } = await apiClient.get(`/users/${id}`, { signal }); |
Template literal with variable interpolation in command context
| 1565 | headers: { Authorization: `Bearer ${token}` }, |
Template literal with variable interpolation in command context
| 1592 | const response = await fetch(`/api/users/${id}`); |
Template literal with variable interpolation in command context
| 1639 | const response = await fetch(`/api/users/${id}`); |
Template literal with variable interpolation in command context
| 1950 | href={`/users/${userId}`} |
Template literal with variable interpolation in command context
| 2064 | const response = await fetch(`/api/search?q=${searchTerm}`, { |
Template literal with variable interpolation in command context
| 2227 | toast.error(`Error: ${error.message}`); |
Template literal with variable interpolation in command context
| 2233 | toast.error(`Failed to save: ${error.message}`); |
Fetch to external URL
| 137 | const response = await fetch('/api/users', { |
Fetch to external URL
| 318 | const response = await fetch('/api/users'); |
Fetch to external URL
| 342 | const response = await fetch('/api/todos', { signal }); |
Fetch to external URL
| 482 | const response = await fetch('/api/todos', { |
Fetch to external URL
| 1130 | const response = await fetch('/api/user'); |
Fetch to external URL
| 1564 | const response = await fetch('/api/profile', { |
Fetch to external URL
| 1675 | const response = await fetch('/api/users', { |
Access to .env file
| 1412 | baseURL: process.env.NEXT_PUBLIC_API_URL, |
External URL reference
| 1487 | const endpoint = 'https://api.example.com/graphql'; |
External URL reference
| 2399 | For additional resources, visit the [official documentation](https://tanstack.com/query/latest). |