Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,003 total in npm · sorted newest first- Jun 24, 2026
Malicious code in normalize-plus (npm)
1 compromised version
- Jun 24, 2026
Malicious code in ui-core-system (npm)
- Jun 24, 2026
Malicious code in ldapaotest (npm)
- Jun 24, 2026
Malicious code in cccmyssr2 (npm)
1 compromised version
- Jun 24, 2026
Malicious code in cccmyssr-util (npm)
1 compromised version
- Jun 24, 2026
Malicious code in cccmyssr3 (npm)
1 compromised version
- Jun 24, 2026
Malicious code in react-campaign-optimizer (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in signup-embedder (npm)
3 compromised versions
- Jun 24, 2026
Malicious code in chai-as-predicted (npm)
1 compromised version
- Jun 24, 2026
Malicious code in hs-locale-management (npm)
3 compromised versions
- Jun 24, 2026
Malicious code in rapidsearch (npm)
1 compromised version
- Jun 24, 2026
Malicious code in multer-express (npm)
1 compromised version
- Jun 24, 2026
Malicious code in vercel-api-client (npm)
- Jun 24, 2026
Malicious code in evmdotjs (npm)
- Jun 24, 2026
Malicious code in eth_accounts (npm)
- Jun 24, 2026
Malicious code in simplisafe-gatsby (npm)
1 compromised version
- Jun 24, 2026
Malicious code in macos-ci-utils (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in linux-ci-utils (npm)
1 compromised version
- Jun 24, 2026
Malicious code in system-core-utils (npm)
1 compromised version
- Jun 24, 2026
Malicious code in bn-lint (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in evil-pkg (npm)
6 compromised versions
- Jun 24, 2026
Malicious code in gpt-chat-cli (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in hardhat-test-log (npm)
4 compromised versions
- Jun 24, 2026
Malicious code in dbt-language-server (npm)
1 compromised version
- Jun 24, 2026
Malicious code in hyperpure (npm)
1 compromised version
- Jun 24, 2026
Malicious code in decimal-format-utils (npm)
1 compromised version
- Jun 24, 2026
Malicious code in rollup-runtime-polyfill-core (npm)
4 compromised versions
- Jun 24, 2026
Malicious code in assertcore (npm)
1 compromised version
- Jun 24, 2026
Malicious code in backpack-ios (npm)
1 compromised version
- Jun 24, 2026
Malicious code in llm-traces-app (npm)
1 compromised version
- Jun 24, 2026
Malicious code in twilio-voice-js-reference-components (npm)
1 compromised version
- Jun 24, 2026
Malicious code in openllmapi (npm)
1 compromised version
- Jun 24, 2026
Malicious code in monty-data (npm)
3 compromised versions
- Jun 24, 2026
Malicious code in npmkekw (npm)
4 compromised versions
- Jun 24, 2026
Malicious code in tailwind-textform-fill (npm)
- Jun 24, 2026
Malicious code in html-to-gutenberg (npm)
1 compromised version
- Jun 24, 2026
Malicious code in fetch-page-assets (npm)
1 compromised version
- Jun 24, 2026
Malicious code in vscode-test-web (npm)
1 compromised version
- Jun 23, 2026
Malicious code in delta-time-32bb (npm)
1 compromised version
- Jun 23, 2026
Malicious code in npm-bug-bounty-test1-rhyselsmore (npm)
1 compromised version
- Jun 23, 2026
Malicious code in ppt-creator (npm)
1 compromised version
- Jun 23, 2026
Malicious code in bug-monorepo (npm)
1 compromised version
- Jun 23, 2026
Malicious code in theme-color-picker (npm)
3 compromised versions
- Jun 23, 2026
Malicious code in chai-as-operated (npm)
1 compromised version
- Jun 23, 2026
Malicious code in markdownlint-cli2-fix (npm)
2 compromised versions
- Jun 23, 2026
Malicious code in buffer-wrap-67d7 (npm)
1 compromised version
- Jun 23, 2026
Malicious code in hex-conv-ae7a (npm)
1 compromised version
- Jun 23, 2026
Malicious code in safe-json-38bd (npm)
1 compromised version
- Jun 23, 2026
Malicious code in wagmi_util (npm)
1 compromised version
- Jun 23, 2026
Malicious code in log-taker (npm)
1 compromised version
Page 34 of 4,801