Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,070 total in npm · sorted newest first- Jun 9, 2026
Malicious code in @doaction/examples (npm)
2 compromised versions
- Jun 9, 2026
Malware in @doaction/systeminformation
1 compromised version
- Jun 9, 2026
Malware in @doaction/storage
1 compromised version
- Jun 9, 2026
Malware in @doaction/rrweb-sdk
1 compromised version
- Jun 9, 2026
Malware in @doaction/signalhub
1 compromised version
- Jun 9, 2026
Malware in @doaction/sudo-prompt
1 compromised version
- Jun 9, 2026
Malware in @doaction/http
1 compromised version
- Jun 9, 2026
Malware in @doaction/mapstore
1 compromised version
- Jun 9, 2026
Malware in @doaction/pay
1 compromised version
- Jun 9, 2026
Malware in @doaction/examples
1 compromised version
- Jun 9, 2026
Malicious code in @doaction/shared (npm)
2 compromised versions
- Jun 9, 2026
Malicious code in @doaction/example (npm)
2 compromised versions
- Jun 9, 2026
Malicious code in @doaction/eventemitter (npm)
2 compromised versions
- Jun 9, 2026
Malicious code in @doaction/auth (npm)
2 compromised versions
- Jun 9, 2026
Malware in @doaction/example
1 compromised version
- Jun 9, 2026
Malware in @doaction/eventemitter
1 compromised version
- Jun 9, 2026
Malware in @doaction/auth
1 compromised version
- Jun 9, 2026
Malware in @doaction/shared
1 compromised version
- Jun 9, 2026
Malicious code in transacts (npm)
- Jun 9, 2026
Malware in transacts
1 compromised version
- Jun 9, 2026
Malware in buffer-utilities
1 compromised version
- Jun 9, 2026
Malicious code in moustick (npm)
2 compromised versions
- Jun 9, 2026
Malicious code in cookie-parser-legacy (npm)
4 compromised versions
- Jun 9, 2026
Malware in cookie-parser-legacy
1 compromised version
- Jun 9, 2026
Malware in moustick
1 compromised version
- Jun 9, 2026
Malware in path-extend
1 compromised version
- Jun 9, 2026
Malicious code in os-ulid-void (npm)
1 compromised version
- Jun 9, 2026
Malware in os-ulid-void
1 compromised version
- Jun 9, 2026
Malicious code in @bancolonbia/menu-filter-widget-web (npm)
1 compromised version
- Jun 9, 2026
Malicious code in farming-tools-12 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in defi-tools-39 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in swap-sdk-87 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in wallet-sdk-9 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in ethereum-kit-9 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in crypto-utils-7 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in ethereum-kit-1 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in blockchain-helper-0 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in @demica/shared (npm)
2 compromised versions
- Jun 9, 2026
Malicious code in @demica/resources (npm)
2 compromised versions
- Jun 9, 2026
Malicious code in @demica/core (npm)
2 compromised versions
- Jun 9, 2026
Malicious code in solana-core-4 (npm)
1 compromised version
- Jun 9, 2026
Malicious code in web3-tools-9 (npm)
1 compromised version
- Jun 9, 2026
Malware in dbmux
1 compromised version
- Jun 9, 2026
Malware in github-archiver
1 compromised version
- Jun 9, 2026
Malicious code in void-ulid (npm)
1 compromised version
- Jun 9, 2026
Malware in void-ulid
1 compromised version
- Jun 8, 2026
Malicious code in @zimmo/last_search (npm)
2 compromised versions
- Jun 8, 2026
Malicious code in @listings/energy-labels (npm)
2 compromised versions
- Jun 8, 2026
Malicious code in quickwinston (npm)
1 compromised version
- Jun 8, 2026
Malicious code in classwind-utils (npm)
2 compromised versions
Page 61 of 4,802