Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,003 total in npm · sorted newest first- Jul 6, 2026
Malicious code in chain-await-test (npm)
1 compromised version
- Jul 6, 2026
Malicious code in cookie-ease (npm)
10 compromised versions
- Jul 6, 2026
Malicious code in chalks-logger (npm)
5 compromised versions
- Jul 6, 2026
Malicious code in chalk-logger-prettier (npm)
7 compromised versions
- Jul 6, 2026
Malicious code in chalk-prettier (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in bn-eslint.js (npm)
1 compromised version
- Jul 6, 2026
Malicious code in bigint.os (npm)
4 compromised versions
- Jul 6, 2026
Malicious code in bn-math (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in big256-ts (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in big-numerator (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in big-numer (npm)
1 compromised version
- Jul 6, 2026
Malicious code in big-numerate (npm)
1 compromised version
- Jul 6, 2026
Malicious code in argonflux (npm)
1 compromised version
- Jul 6, 2026
Malicious code in awesome-cli-logger (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in rollup-plugin-polyfill-handler (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in react-next-dom (npm)
3 compromised versions
- Jul 6, 2026
Malicious code in mongoose-lean-hooks (npm)
6 compromised versions
- Jul 6, 2026
Malicious code in internallib_v234 (npm)
5 compromised versions
- Jul 6, 2026
Malicious code in neon-terminal (npm)
7 compromised versions
- Jul 6, 2026
Malicious code in zod-pino434 (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in zod-pino444 (npm)
4 compromised versions
- Jul 6, 2026
Malicious code in zredis-typed (npm)
1 compromised version
- Jul 6, 2026
Malicious code in pinokio-redis (npm)
1 compromised version
- Jul 6, 2026
Malicious code in tme-xca-react (npm)
1 compromised version
- Jul 6, 2026
Malicious code in tme-xca (npm)
1 compromised version
- Jul 6, 2026
Malicious code in tme-error (npm)
1 compromised version
- Jul 6, 2026
Malicious code in sams-sr-sdk-h5 (npm)
1 compromised version
- Jul 6, 2026
Malicious code in enbd-react-logger (npm)
1 compromised version
- Jul 6, 2026
Malicious code in enbd-react-lib (npm)
1 compromised version
- Jul 6, 2026
Malicious code in enbd-react-error-boundry (npm)
1 compromised version
- Jul 6, 2026
Malicious code in box-react-uix (npm)
1 compromised version
- Jul 6, 2026
Malicious code in @logdna-web/styles (npm)
1 compromised version
- Jul 6, 2026
Malicious code in @logdna-web/shared (npm)
1 compromised version
- Jul 6, 2026
Malicious code in @idms-corp/auth-ui (npm)
2 compromised versions
- Jul 6, 2026
Malicious code in @flex-ng/header-component (npm)
1 compromised version
- Jul 6, 2026
Malicious code in @flex-ng/filter-pipe (npm)
1 compromised version
- Jul 6, 2026
Malicious code in @flex-ng/error-component (npm)
1 compromised version
- Jul 5, 2026
Malicious code in gen-ai-opt-in (npm)
3 compromised versions
- Jul 5, 2026
Malicious code in wsh4-nmp (npm)
1 compromised version
- Jul 5, 2026
Malicious code in @adobesign/as-dev-tools (npm)
2 compromised versions
- Jul 4, 2026
Malicious code in vps-maintenance (npm)
2 compromised versions
- Jul 4, 2026
Malicious code in vps-maintenance-paperclip-adapter (npm)
7 compromised versions
- Jul 4, 2026
Malicious code in paperclip2 (npm)
1 compromised version
- Jul 4, 2026
Malicious code in datefmt-helper (npm)
2 compromised versions
- Jul 3, 2026
Malicious code in debugcli (npm)
6 compromised versions
- Jul 3, 2026
Malicious code in web-api-node (npm)
- Jul 3, 2026
Malicious code in typescript-util-core (npm)
4 compromised versions
- Jul 3, 2026
Malicious code in ts-node-utils (npm)
3 compromised versions
- Jul 3, 2026
Malicious code in api-ts-utils (npm)
- Jul 3, 2026
Malicious code in api-node-utils (npm)
1 compromised version
Page 26 of 4,801