MAL-2026-4036 Malicious code in @antv/l7-core (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/f2-wordcloud (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g-plugin-rough-svg-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g-webgl (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @tallyui/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in mistralai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in @uipath/solutionpackager-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64274b915ff6e2c5965c334cc5b2a7dca56efe8c3021c83e45d0269a9391345f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3566 Malicious code in @uipath/platform-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89f494a30a8fe1637198b531a2c267ebb3aedf5d0c537afc1f12ea2186ef1d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3556 Malicious code in @uipath/orchestrator-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d967b0f36daf789de288eb36c97c6ab5c9de25bad34a8d4866954e495d7303dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in safe-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd0e257c2958e16d803f002f996ebb83aae4ecc32bf71320bf985b936996e634 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/codedagent-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaec2ac4b4efbc449a39049c2d3793dd5f3c4fc4737957ba4e70f35fb6c13903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploade...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-hulud supply chain attacks. The malware functions as a self-replicating worm that spreads via npm dependencies to compromise developer environments;...

Malicious code in @lokeswari-satyanarayanan/rn-zustand-expo-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe3bd99e2f11ab8bb09a9086c4dca8af56372031492ed11d90f1e32a0e8f53 The package @lokeswari-satyanarayanan/rn-zustand-expo-template was found to contain malicious code. Source: google-open-source-security...

Malicious code in @voiceflow/eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4db5527f8a6098b9553e656b50ee1e0fcae45b163917de83299e9e5200ff96f The package @voiceflow/eslint-config was found to contain malicious code. Source: ghsa-malware...

Malicious code in @voiceflow/git-branch-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374d8cf65cd8bf44935889995a1fe36af800d8f570be40b594fa1b3bca1c184d The package @voiceflow/git-branch-check was found to contain malicious code. Source: ghsa-malware...

Malicious code in @voiceflow/react-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7450440b7c3368ef719fcfa9511d7984fc38ed8b5279f4e49f414f588446915e The package @voiceflow/react-chat was found to contain malicious code. Source: ghsa-malware...

Malicious code in @oku-ui/presence (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccfe3cd227dfd52c2a7bb6d2c15fc511a5d1baab2eb3378960905005e421b9a The package @oku-ui/presence was found to contain malicious code. Source: google-open-source-security...

Malicious code in pkg-readme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc479ddf04c9b4dccdd1b190ab6a553b8b70b35dd010db9a2f6facee0990c78 The package pkg-readme was found to contain malicious code. Source: ghsa-malware 1367f46db577db5123a8d208e0f5d172747a39e623e7c33db0a7e240d28f9d2a Any...

Malicious code in @oku-ui/alert-dialog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824a69f83431a766f681bc72d705ff3b28ae9309898b4ad10979adca148f2276 The package @oku-ui/alert-dialog was found to contain malicious code. Source: google-open-source-security...