Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,073 total in npm · sorted newest first- May 26, 2026
Malware in @izumiswap/sdk
1 compromised version
- May 26, 2026
Malicious code in @fhkry/baileys (npm)
1 compromised version
- May 26, 2026
Malicious code in shop-minis (npm)
1 compromised version
- May 26, 2026
Malicious code in jsonlogbundler (npm)
3 compromised versions
- May 26, 2026
Malicious code in fastjsonlog (npm)
2 compromised versions
- May 26, 2026
Malware in jsonlogbundler
1 compromised version
- May 26, 2026
Malware in fastjsonlog
1 compromised version
- May 26, 2026
Malware in jsonbson
1 compromised version
- May 26, 2026
Malware in corelia
1 compromised version
- May 26, 2026
Malicious code in xlsx-enhanced (npm)
- May 26, 2026
Malicious code in pdf-lib-enhanced (npm)
1 compromised version
- May 26, 2026
Malware in xlsx-enhanced
1 compromised version
- May 26, 2026
Malware in solidity-coverage-plus
1 compromised version
- May 26, 2026
Malware in pdf-lib-enhanced
1 compromised version
- May 26, 2026
Malware in license-checker-plus
1 compromised version
- May 26, 2026
Malware in lynx-keeper
1 compromised version
- May 26, 2026
Malware in hardhat-gas-analytics
1 compromised version
- May 26, 2026
Malware in lynx-keeper-cli
1 compromised version
- May 26, 2026
Malware in zest-product
1 compromised version
- May 26, 2026
Malicious code in shizukyu (npm)
1 compromised version
- May 26, 2026
Malicious code in @leviyuan/lodestar (npm)
1 compromised version
- May 26, 2026
Malicious code in wm-idp-sdk (npm)
1 compromised version
- May 26, 2026
Malware in tailwind-style-typography
1 compromised version
- May 26, 2026
Malware in eo-terminal
1 compromised version
- May 26, 2026
Malicious code in makecoder (npm)
3 compromised versions
- May 26, 2026
Malicious code in ggk-happy (npm)
12 compromised versions
- May 26, 2026
Malicious code in react-json-chalk (npm)
3 compromised versions
- May 26, 2026
Malicious code in react-cleaner (npm)
2 compromised versions
- May 26, 2026
Malicious code in vxui-react (npm)
15 compromised versions
- May 26, 2026
Malicious code in @autofleet/rabbit (npm)
1 compromised version
- May 26, 2026
Malicious code in @godscene/web (npm)
1 compromised version
- May 26, 2026
Malicious code in @catclaw/message-logger-plugin (npm)
1 compromised version
- May 26, 2026
Malicious code in react-ui-polyfills (npm)
2 compromised versions
- May 26, 2026
Malicious code in @iola_adm/iola-cli (npm)
1 compromised version
- May 26, 2026
Malicious code in test-nonmal-pkg-5 (npm)
1 compromised version
- May 26, 2026
Malicious code in ether-bn.js (npm)
9 compromised versions
- May 26, 2026
Malicious code in reasonix-plugmem (npm)
1 compromised version
- May 26, 2026
Malicious code in unique-id-64 (npm)
1 compromised version
- May 26, 2026
Malicious code in 1cat-tunnel-client-zx (npm)
2 compromised versions
- May 26, 2026
Malicious code in testing-on-npmjs (npm)
2 compromised versions
- May 26, 2026
Malicious code in wao (npm)
3 compromised versions
- May 26, 2026
Malicious code in weavedb-lite (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-warp-contracts-plugin-deploy (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-console (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-sdk-base (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-exm-sdk (npm)
1 compromised version
- May 26, 2026
Malicious code in create-arnext-app (npm)
1 compromised version
- May 26, 2026
Malicious code in arnext-arkb (npm)
1 compromised version
- May 26, 2026
Malicious code in roidjs (npm)
1 compromised version
- May 26, 2026
Malicious code in test-weavedb-sdk (npm)
1 compromised version
Page 77 of 4,802