npm · Malicious package advisory
Malwarepicnic-react-mise-en-place
MAL-2026-5122
Malicious code in picnic-react-mise-en-place (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (d57f4579f4e0842567d9e59bfa74af355f457cbfdfeabe0f65a9e6952f79aa34) The OpenSSF Package Analysis project identified 'picnic-react-mise-en-place' @ 9999.0.0 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Compromised versions (1)
- 9999.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.