npm · Malicious package advisory
Malware@zynkit/probe
MAL-2026-6314
Malicious code in @zynkit/probe (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (5f7da2d08466718d66bb9a80478987eab5041e19ee53f80d6968e6dc3069edf2) No concrete indicators of installer-side harm were observed in this package version. No lifecycle scripts performing remote fetch-and-execute, no credential or environment scraping, no hardcoded attacker network destinations, and no silent-relay patterns are present.
Compromised versions (1)
- 0.0.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.