npm · Malicious package advisory
Malware@challenger6/vm-pattern-library
MAL-2026-5095
Malicious code in @challenger6/vm-pattern-library (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (396b490a90fc45f797d57bb02503489b3a924a18b927cabce392cad7f591c868) The OpenSSF Package Analysis project identified '@challenger6/vm-pattern-library' @ 99.0.0 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Compromised versions (1)
- 99.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.