VYPR
← All malware advisories

npm · Malicious package advisory

Malware

did-0091

MAL-2026-4177

Malicious code in did-0091 (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: ossf-package-analysis (80bf373136eb0315910e5ba3fa9097db2cd7efe316d1defbb9b8b78f8ab8506b)
The OpenSSF Package Analysis project identified 'did-0091' @ 11.0.6 (npm) as malicious.

It is considered malicious because:

- The package communicates with a domain associated with malicious activity.

- The package executes one or more commands associated with malicious behavior.

Compromised versions (5)

  • 11.0.6
  • 11.0.5
  • 11.0.9
  • 11.1.8
  • 11.2.8

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.