npm · Malicious package advisory
Malware@cap-js/openapi
MAL-2026-4161
Malicious code in @cap-js/openapi (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (243c059793e8b277fc77959046b7b064cb740d568fa53e4d30b9075660d9dab5) The package @cap-js/openapi was found to contain malicious code. ## Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df) This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
Compromised versions (1)
- 1.4.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.