Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,073 total in npm · sorted newest first- May 26, 2026
Malicious code in arnext (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-client (npm)
1 compromised version
- May 26, 2026
Malicious code in atomic-notes (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-offchain (npm)
1 compromised version
- May 26, 2026
Malicious code in ai3 (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-exm-sdk-web (npm)
1 compromised version
- May 26, 2026
Malicious code in cwao-units (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-tools (npm)
1 compromised version
- May 26, 2026
Malicious code in fpjson-lang (npm)
1 compromised version
- May 26, 2026
Malicious code in wdb-sdk (npm)
1 compromised version
- May 26, 2026
Malicious code in monade (npm)
1 compromised version
- May 26, 2026
Malicious code in wdb-cli (npm)
1 compromised version
- May 26, 2026
Malicious code in cwao-tools (npm)
1 compromised version
- May 26, 2026
Malicious code in warp-contracts-plugin-deploy-test (npm)
1 compromised version
- May 26, 2026
Malicious code in testnpmnmp (npm)
1 compromised version
- May 26, 2026
Malicious code in cwao (npm)
1 compromised version
- May 26, 2026
Malicious code in test-ajs (npm)
1 compromised version
- May 26, 2026
Malicious code in zkjson (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-sdk (npm)
1 compromised version
- May 26, 2026
Malicious code in aonote (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-base (npm)
2 compromised versions
- May 26, 2026
Malicious code in weavedb-node-client (npm)
1 compromised version
- May 26, 2026
Malicious code in weavedb-sdk-node (npm)
1 compromised version
- May 26, 2026
Malicious code in @taskd/maritime-email-processor (npm)
1 compromised version
- May 26, 2026
Malicious code in fe-utils-core (npm)
2 compromised versions
- May 25, 2026
Malicious code in bandkit (npm)
6 compromised versions
- May 25, 2026
Malicious code in xarc-webpack-cli (npm)
1 compromised version
- May 25, 2026
Malicious code in json-to-simple-graphql-schema (npm)
1 compromised version
- May 25, 2026
Malicious code in etherproxy-lite (npm)
1 compromised version
- May 25, 2026
Malicious code in @izumiswap/sdk (npm)
4 compromised versions
- May 25, 2026
Malicious code in motion-tool (npm)
1 compromised version
- May 25, 2026
Malicious code in happy-dlscord.js (npm)
1 compromised version
- May 25, 2026
Malicious code in skills-detector (npm)
2 compromised versions
- May 25, 2026
Malicious code in @databus-service-ui/scroll-up-content (npm)
1 compromised version
- May 25, 2026
Malicious code in @databus-service-ui/ui-event (npm)
1 compromised version
- May 25, 2026
Malicious code in @nolimit-x/win32-x64 (npm)
1 compromised version
- May 25, 2026
Malicious code in koishi-plugin-yuan (npm)
1 compromised version
- May 25, 2026
Malicious code in @service-suppliers/suppliers (npm)
1 compromised version
- May 25, 2026
Malicious code in @service-user-notifications/set_notifications_not_removable (npm)
1 compromised version
- May 25, 2026
Malicious code in @service-suppliers/set_selected_supplier (npm)
1 compromised version
- May 25, 2026
Malicious code in @service-suppliers/select-supplier-watcher-saga (npm)
1 compromised version
- May 25, 2026
Malicious code in @service-suppliers/fetch_suppliers_action_saga (npm)
1 compromised version
- May 25, 2026
Malicious code in normalize-path-seq (npm)
1 compromised version
- May 25, 2026
Malicious code in api-rs-node (npm)
3 compromised versions
- May 25, 2026
Malicious code in verify-mycommand (npm)
1 compromised version
- May 25, 2026
Malicious code in @beyondbday/vibe-terminal (npm)
4 compromised versions
- May 25, 2026
Malicious code in gehneb (npm)
1 compromised version
- May 25, 2026
Malicious code in aes-decode-runner-pro (npm)
10 compromised versions
- May 25, 2026
Malicious code in @polka-ui/loader (npm)
1 compromised version
- May 25, 2026
Malicious code in @loans/vehicles-api (npm)
1 compromised version
Page 78 of 4,802