Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,064 total in npm · sorted newest first- Jun 16, 2026
Malicious code in redis-xyz (npm)
1 compromised version
- Jun 16, 2026
Malware in redis-xyz
1 compromised version
- Jun 16, 2026
Malicious code in ioredis-os (npm)
1 compromised version
- Jun 16, 2026
Malware in ioredis-os
1 compromised version
- Jun 16, 2026
Malicious code in redis-type-os (npm)
8 compromised versions
- Jun 16, 2026
Malware in redis-type-os
1 compromised version
- Jun 16, 2026
Malicious code in nat-ulid (npm)
1 compromised version
- Jun 16, 2026
Malware in nat-ulid
1 compromised version
- Jun 16, 2026
Malicious code in check-ulid (npm)
1 compromised version
- Jun 16, 2026
Malware in check-ulid
1 compromised version
- Jun 16, 2026
Malicious code in hot-validation-sdk (npm)
1 compromised version
- Jun 16, 2026
Malware in hot-validation-sdk
1 compromised version
- Jun 16, 2026
Malicious code in rbac-auth (npm)
2 compromised versions
- Jun 16, 2026
Malicious code in pampipes (npm)
4 compromised versions
- Jun 16, 2026
Malicious code in lucide-next (npm)
- Jun 16, 2026
Malicious code in fabric-graphics (npm)
1 compromised version
- Jun 16, 2026
Malware in rbac-auth
1 compromised version
- Jun 16, 2026
Malware in fabric-graphics
1 compromised version
- Jun 16, 2026
Malware in auth-basic-vault
1 compromised version
- Jun 16, 2026
Malware in pampipes
1 compromised version
- Jun 16, 2026
Malware in lucide-next
1 compromised version
- Jun 16, 2026
Malware in authcascade
1 compromised version
- Jun 16, 2026
Malware in swplayer-react-sl
1 compromised version
- Jun 16, 2026
Malware in simple-auth-basic
1 compromised version
- Jun 16, 2026
Malicious code in terminal-structured-logger (npm)
3 compromised versions
- Jun 16, 2026
Malicious code in terminal-pretty-logger (npm)
21 compromised versions
- Jun 16, 2026
Malware in terminal-structured-logger
1 compromised version
- Jun 16, 2026
Malware in terminal-pretty-logger
1 compromised version
- Jun 16, 2026
Malicious code in npmjs-doc-builder (npm)
- Jun 16, 2026
Malicious code in bign.tsm (npm)
- Jun 16, 2026
Malware in bign.tsm
1 compromised version
- Jun 16, 2026
Malware in npmjs-doc-builder
1 compromised version
- Jun 16, 2026
Malicious code in @ts-internal/shared-lib (npm)
1 compromised version
- Jun 16, 2026
Malicious code in vitest-pro (npm)
2 compromised versions
- Jun 16, 2026
Malicious code in solana-js-client (npm)
1 compromised version
- Jun 16, 2026
Malicious code in solana-mev-bot (npm)
1 compromised version
- Jun 16, 2026
Malicious code in carousel-controller-mixin (npm)
1 compromised version
- Jun 16, 2026
Malicious code in setka-editor (npm)
3 compromised versions
- Jun 16, 2026
Malicious code in event-metrics-q3x7 (npm)
9 compromised versions
- Jun 16, 2026
Malicious code in metrics-pipeline-d8k2 (npm)
21 compromised versions
- Jun 16, 2026
Malware in flow-lending-sdk
1 compromised version
- Jun 16, 2026
Malware in flow-lending
1 compromised version
- Jun 16, 2026
Malware in bodega-sdk
1 compromised version
- Jun 16, 2026
Malware in janus-ft
1 compromised version
- Jun 16, 2026
Malware in flowcardano
1 compromised version
- Jun 16, 2026
Malware in surf-lending
1 compromised version
- Jun 16, 2026
Malware in flowdefi
1 compromised version
- Jun 16, 2026
Malware in janus-erc20
1 compromised version
- Jun 16, 2026
Malware in janus-flow
1 compromised version
- Jun 16, 2026
Malicious code in tailwind-typography-style (npm)
1 compromised version
Page 48 of 4,802