Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
255,981 total · sorted newest first- Jul 2, 2026
Malicious code in @marketfront/basemarkettemplate (npm)
1 compromised version
- Jul 2, 2026
Malicious code in @marketfront/baobabtech (npm)
1 compromised version
- Jul 2, 2026
Malicious code in @marketfront/bannerpopup (npm)
1 compromised version
- Jul 2, 2026
Malicious code in @marketfront/advertisingdevtool (npm)
1 compromised version
- Jul 2, 2026
Malicious code in @marketfront/actualordersnippetpopup (npm)
- Jul 1, 2026
Malicious code in uprobe (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in ufish (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in synago (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in pantheon-toolsets (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in pantheon-agents (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in electron-orbit (npm)
32 compromised versions
- Jul 1, 2026
Malicious code in starlette-healthcheck (PyPI)
3 compromised versions
- Jul 1, 2026
Malicious code in svgcraft-core (npm)
6 compromised versions
- Jul 1, 2026
Malicious code in test-pkg-yarn (npm)
3 compromised versions
- Jul 1, 2026
Malicious code in test-pkg-pnpm (npm)
2 compromised versions
- Jul 1, 2026
Malicious code in test-pkg-x0 (npm)
5 compromised versions
- Jul 1, 2026
Malicious code in polymarket-toolkit (npm)
1 compromised version
- Jul 1, 2026
Malicious code in polymarket-trading-developer-tool (npm)
2 compromised versions
- Jul 1, 2026
Malicious code in polymarket-risk-manager (npm)
1 compromised version
- Jul 1, 2026
Malicious code in ts-clob-math-v2 (npm)
1 compromised version
- Jul 1, 2026
Malicious code in ts-elinter (npm)
1 compromised version
- Jul 1, 2026
Malicious code in ts-eslint-helper (npm)
5 compromised versions
- Jul 1, 2026
Malicious code in okite (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in twrap-tool (PyPI)
1 compromised version
- Jul 1, 2026
Malicious code in nucbox (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in vega-lite-next (npm)
1 compromised version
- Jul 1, 2026
Malicious code in vitest-agent (npm)
3 compromised versions
- Jul 1, 2026
Malicious code in napari-ufish (PyPI)
2 compromised versions
- Jul 1, 2026
Malicious code in hardhat-plugin-solidity (npm)
4 compromised versions
- Jul 1, 2026
Malicious code in hardhat-compile-ethers (npm)
13 compromised versions
- Jul 1, 2026
Malicious code in zyncmap (npm)
2 compromised versions
- Jul 1, 2026
Malicious code in svgson-lite (npm)
8 compromised versions
- Jul 1, 2026
Malicious code in base65-85x (npm)
1 compromised version
- Jul 1, 2026
Malicious code in @andes-tools/colors (npm)
1 compromised version
- Jul 1, 2026
Malicious code in npm-show-date-proof-strings (npm)
2 compromised versions
- Jul 1, 2026
Malicious code in date-fns-lite (npm)
13 compromised versions
- Jul 1, 2026
Malicious code in node-pino (npm)
1 compromised version
- Jun 30, 2026
Malicious code in mrbios (PyPI)
2 compromised versions
- Jun 30, 2026
Malicious code in magique-ai (PyPI)
2 compromised versions
- Jun 30, 2026
Malicious code in ecto-corsair-flag-7kq3mz (npm)
3 compromised versions
- Jun 30, 2026
Malicious code in module-index-cache (npm)
3 compromised versions
- Jun 30, 2026
Malicious code in ripshakti (npm)
1 compromised version
- Jun 30, 2026
Malicious code in @sudoughnym/enviro-demo (npm)
2 compromised versions
- Jun 30, 2026
Malicious code in @businessapp-microsites/apis (npm)
3 compromised versions
- Jun 30, 2026
Malicious code in magique (PyPI)
2 compromised versions
- Jun 30, 2026
Malicious code in cursed-modules (npm)
19 compromised versions
- Jun 30, 2026
Malicious code in funcdesc (PyPI)
2 compromised versions
- Jun 30, 2026
Malicious code in executor-http (PyPI)
2 compromised versions
- Jun 30, 2026
Malicious code in executor-engine (PyPI)
2 compromised versions
- Jun 30, 2026
Malicious code in procwire (npm)
2 compromised versions
Page 82 of 5,120