Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,078 total in npm · sorted newest first- May 23, 2026
Malicious code in @zaamx/netme (npm)
2 compromised versions
- May 23, 2026
Malicious code in lhisp-logger (npm)
1 compromised version
- May 23, 2026
Malicious code in @budetzzgantenk/baileys (npm)
1 compromised version
- May 23, 2026
Malicious code in @onerjs/inspector (npm)
1 compromised version
- May 23, 2026
Malicious code in ask-my-llm (npm)
3 compromised versions
- May 23, 2026
Malicious code in cloudpivot (npm)
2 compromised versions
- May 23, 2026
Malicious code in secdriven (npm)
3 compromised versions
- May 23, 2026
Malicious code in @onerjs/serializers (npm)
1 compromised version
- May 23, 2026
Malicious code in @onerjs/addons (npm)
2 compromised versions
- May 23, 2026
Malicious code in @onerjs/smart-filters-blocks (npm)
2 compromised versions
- May 23, 2026
Malicious code in dds-js-idl-types (npm)
1 compromised version
- May 23, 2026
Malicious code in dds-js-idl (npm)
2 compromised versions
- May 23, 2026
Malicious code in tax4all-components (npm)
1 compromised version
- May 23, 2026
Malicious code in @blckrose/baileys (npm)
2 compromised versions
- May 23, 2026
Malicious code in loading-session (npm)
2 compromised versions
- May 23, 2026
Malicious code in workspace-config-loader (npm)
2 compromised versions
- May 23, 2026
Malicious code in token-usage-tracker (npm)
2 compromised versions
- May 23, 2026
Malicious code in prompt-engineering-toolkit (npm)
3 compromised versions
- May 23, 2026
Malicious code in project-init-tools (npm)
2 compromised versions
- May 23, 2026
Malicious code in node-setup-helpers (npm)
1 compromised version
- May 23, 2026
Malicious code in model-switch-router (npm)
1 compromised version
- May 23, 2026
Malicious code in llm-context-compressor (npm)
6 compromised versions
- May 23, 2026
Malicious code in dev-env-bootstrapper (npm)
2 compromised versions
- May 23, 2026
Malicious code in build-scripts-utils (npm)
2 compromised versions
- May 23, 2026
Malicious code in async-pipeline-builder (npm)
2 compromised versions
- May 22, 2026
Malicious code in chai-as-repaired (npm)
2 compromised versions
- May 22, 2026
Malicious code in clickpy (npm)
2 compromised versions
- May 22, 2026
Malicious code in @engagehub/core (npm)
1 compromised version
- May 22, 2026
Malicious code in pg-expense-example (npm)
1 compromised version
- May 22, 2026
Malicious code in orca-website (npm)
1 compromised version
- May 22, 2026
Malicious code in peertube-plugin-google-analytics-js (npm)
1 compromised version
- May 22, 2026
Malicious code in tailwind-style-typography (npm)
1 compromised version
- May 22, 2026
Malicious code in express-enrouten-async (npm)
2 compromised versions
- May 22, 2026
Malicious code in mmt-static (npm)
1 compromised version
- May 22, 2026
Malicious code in openmct-couch-plugin (npm)
3 compromised versions
- May 22, 2026
Malicious code in events-router (npm)
1 compromised version
- May 22, 2026
Malicious code in prisma-client-python (npm)
1 compromised version
- May 22, 2026
Malicious code in rapyd-client (npm)
1 compromised version
- May 22, 2026
Malicious code in thevoid (npm)
2 compromised versions
- May 22, 2026
Malicious code in cdk-insights (npm)
2 compromised versions
- May 22, 2026
Malware in ts-logger-pack
1 compromised version
- May 22, 2026
Malware in terminal-logger-utils
1 compromised version
- May 22, 2026
Malware in @tiledesk/tiledesk-server
1 compromised version
- May 22, 2026
Malicious code in midcorp (npm)
1 compromised version
- May 22, 2026
Malicious code in @gbrlxvii/ts-form-utils (npm)
3 compromised versions
- May 22, 2026
Malicious code in onboardconnect-agent (npm)
9 compromised versions
- May 22, 2026
Malicious code in eo-terminal (npm)
2 compromised versions
- May 22, 2026
Malicious code in osep-react-antd (npm)
1 compromised version
- May 22, 2026
Malicious code in osep-api-hub-service-client-v1 (npm)
1 compromised version
- May 22, 2026
Malicious code in swift-optimizer (npm)
1 compromised version
Page 83 of 4,802