Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
225,882 total · sorted newest first- May 22, 2026
Malicious code in wallet-backup-verifier (npm)
- May 22, 2026
Malicious code in python-env-auditor (npm)
- May 22, 2026
Malicious code in pypi-build-verifier (npm)
- May 22, 2026
Malicious code in deploy-guard-check (npm)
- May 22, 2026
Malicious code in dependency-audit-tool (npm)
- May 22, 2026
Malicious code in credential-verification-cli (npm)
- May 22, 2026
Malicious code in compliance-check-runner (npm)
- May 22, 2026
Malicious code in build-integrity-verify (npm)
- May 22, 2026
Malicious code in truffle-config-helper (npm)
- May 22, 2026
Malicious code in solna-web3 (npm)
- May 22, 2026
Malicious code in solana-pda-helper (npm)
- May 22, 2026
Malicious code in hardhat-gas-profiler-plugin (npm)
- May 22, 2026
Malicious code in ganache-cli-provider (npm)
- May 22, 2026
Malicious code in foundy-toolkit (npm)
- May 22, 2026
Malicious code in foundry-deploy-helper (npm)
- May 22, 2026
Malicious code in ethers-multicall-utils (npm)
- May 22, 2026
Malicious code in etherjs-utils (npm)
- May 22, 2026
Malicious code in env-security-scanner (npm)
- May 22, 2026
Malicious code in chainlink-price-feed-aggregator (npm)
- May 22, 2026
Malicious code in pylogfmt (PyPI)
1 compromised version
- May 21, 2026
Malicious code in cryptoco-auth (npm)
2 compromised versions
- May 21, 2026
Malicious code in lognest (PyPI)
5 compromised versions
- May 21, 2026
Malicious code in tailwindcss-themers (npm)
- May 21, 2026
Malicious code in tailwindcss-theme-custom (npm)
- May 21, 2026
Malicious code in json-spectaculation (npm)
- May 21, 2026
Malicious code in @luke-101141/nobody (npm)
1 compromised version
- May 21, 2026
Malicious code in chai-as-afforded (npm)
- May 21, 2026
Malicious code in tensor-compute (PyPI)
1 compromised version
- May 21, 2026
Malicious code in selfservsweeper (PyPI)
1 compromised version
- May 21, 2026
Malicious code in @tiledesk/tiledesk-server (npm)
1 compromised version
- May 21, 2026
Malicious code in web3-secrets-detector (npm)
- May 21, 2026
Malicious code in wallet-security-checker (npm)
- May 21, 2026
Malicious code in solidity-deploy-guard (npm)
- May 21, 2026
Malicious code in polymarket-trading-cli (npm)
- May 21, 2026
Malicious code in polymarket-trader (npm)
- May 21, 2026
Malicious code in polymarket-trade (npm)
- May 21, 2026
Malicious code in polymarket-terminal (npm)
- May 21, 2026
Malicious code in polymarket-copy-trading (npm)
- May 21, 2026
Malicious code in polymarket-claude-code (npm)
- May 21, 2026
Malicious code in polymarket-bot (npm)
- May 21, 2026
Malicious code in polymarket-auto-trade (npm)
- May 21, 2026
Malicious code in polymarket-ai-agent (npm)
- May 21, 2026
Malicious code in mnemonic-safety-check (npm)
- May 21, 2026
Malicious code in eth-wallet-sentinel (npm)
- May 21, 2026
Malicious code in deployment-key-auditor (npm)
- May 21, 2026
Malicious code in defi-threat-scanner (npm)
- May 21, 2026
Malicious code in defi-env-auditor (npm)
- May 21, 2026
Malicious code in crypto-credential-scanner (npm)
- May 21, 2026
Malicious code in chain-key-validator (npm)
- May 20, 2026
Malicious code in obs-migrate (PyPI)
1 compromised version
Page 1 of 4,518