Supply-chain attacks we’ve detected
Popular npm packages whose release stream was tampered with — either a version OSV confirmed as malicious code, or a version our own analysis flagged as a likely account takeover before any public advisory. None of these versions were ever served from this registry; where the package still has clean releases, those keep flowing.
Show all · updated
Confirmed malicious releases
Versions OSV’s malicious-packages dataset confirms contained malicious code. We blocked these the moment the advisory landed — or before, then OSV agreed.
MAL-2023-462 Malicious code in fsevents (npm)
Native Access to MacOS FSEvents
MAL-2025-21003 Malicious code in fs (npm)
This package name is not currently in use, but was formerly occupied by another package. To avoid malicious use, npm is hanging on to the package name, but loosely, and we'll probably give it to you if you want it.
MAL-2026-3020 Malicious code in @bitwarden/cli (npm)
A secure and free password manager for all of your devices.
MAL-2026-4033 Malicious code in @antv/l7 (npm)
MAL-2026-4045 Malicious code in @antv/l7-maps (npm)
MAL-2026-4417 Malicious code in @pisell/pisellos (npm)
一个可扩展的前端模块化SDK框架,支持插件系统
MAL-2025-190931 Malicious code in @ensdomains/ens-contracts (npm)
MAL-2026-4410 Malicious code in @onerjs/addons (npm)
MAL-2026-2055 Malicious code in @emilgroup/partner-sdk-node (npm)
OpenAPI client for @emilgroup/partner-sdk-node
MAL-2026-3080 Malicious code in frank-bot-gogle-cloning (npm)
Security audit module
MAL-2026-4021 Malicious code in @antv/gpt-vis-ssr (npm)
SSR(Server Side Render) for AntV GPT-Vis.
MAL-2026-2079 Malicious code in @emilgroup/task-sdk-node (npm)
OpenAPI client for @emilgroup/task-sdk-node
MAL-2026-2078 Malicious code in @emilgroup/task-sdk (npm)
OpenAPI client for @emilgroup/task-sdk
MAL-2026-3058 Malicious code in @clearpool/table (npm)
Internal automation library.
MAL-2026-3057 Malicious code in @clearpool/streaming (npm)
Internal automation library.
MAL-2026-3059 Malicious code in @clearpool/utils (npm)
Internal automation library.
MAL-2026-3056 Malicious code in @clearpool/comms (npm)
Internal automation library.
MAL-2026-3081 Malicious code in frank-research-poc-apple (npm)
MAL-2026-3036 Malicious code in uipath-ui-widgets (npm)
MAL-2026-2862 Malicious code in rtms-manager (npm)
Dependency Confusion poc
MAL-2026-3037 Malicious code in standalone-apps (npm)
MAL-2026-3196 Malicious code in react-dnd-14 (npm)
MAL-2026-3128 Malicious code in wm-plugin-teach-me-widget (npm)
Security testing test package
MAL-2026-3038 Malicious code in apollo-landing (npm)
MAL-2026-3040 Malicious code in apollo-vertex (npm)
MAL-2026-3039 Malicious code in process-app-task (npm)
MAL-2026-3076 Malicious code in axis-abc-search-address (npm)
Internal automation library.
MAL-2026-3074 Malicious code in axis-abc-portal-menu (npm)
Internal automation library.
MAL-2026-3304 Malicious code in apcyber-test-package (npm)
Internal automation library.
MAL-2026-3075 Malicious code in axis-abc-search-account (npm)
Internal automation library.
MAL-2026-3312 Malicious code in path-internal-util (npm)
Node.js path module
MAL-2026-3106 Malicious code in @activation_code/activate (npm)
activate utilities
MAL-2026-3033 Malicious code in tether-base (npm)
Test package for dependency confusion detection
MAL-2026-3052 Malicious code in @alfa.life.mapp/app.web (npm)
app.web utilities
MAL-2026-3053 Malicious code in @apple-pay-trust/merchant-session (npm)
merchant-session utilities
MAL-2026-3111 Malicious code in @apple-pay-trust/authorize-payment (npm)
authorize-payment utilities
MAL-2026-3110 Malicious code in @apiary-annex/title (npm)
title utilities
MAL-2026-3109 Malicious code in @apiary-annex/meta (npm)
meta utilities
MAL-2026-3112 Malicious code in @apple-pay-trust/cancelled (npm)
cancelled utilities
MAL-2026-3113 Malicious code in @apple-pay-trust/check-apple-pay-result (npm)
check-apple-pay-result utilities
MAL-2026-3054 Malicious code in @apple-pay-trust/start (npm)
start utilities
MAL-2026-3116 Malicious code in @business_promocode/apply_promocode (npm)
apply_promocode utilities
MAL-2026-3115 Malicious code in @b2b_blocker/show_activation_error (npm)
show_activation_error utilities
MAL-2026-3117 Malicious code in @business_promocode/cancel_promocode (npm)
cancel_promocode utilities
MAL-2026-3067 Malicious code in @ozon-complt/split (npm)
split utilities
MAL-2025-191352 Malicious code in @voiceflow/google-types (npm)
Google service types
MAL-2026-3061 Malicious code in @google-pay-trust/authorize-payment (npm)
authorize-payment utilities
MAL-2026-3077 Malicious code in axis-charts (npm)
Internal automation library.
MAL-2026-3066 Malicious code in @ozon-complt/antibot-handler (npm)
antibot-handler utilities
MAL-2026-3064 Malicious code in @google-pay-trust/init-google-pay (npm)
init-google-pay utilities
MAL-2026-3078 Malicious code in axis-notification (npm)
Internal automation library.
MAL-2026-3079 Malicious code in axis-ui-generator (npm)
Internal automation library.
MAL-2026-3062 Malicious code in @google-pay-trust/cancelled (npm)
cancelled utilities
MAL-2026-3114 Malicious code in @apple-pay-trust/finish (npm)
finish utilities
MAL-2026-3055 Malicious code in @apple-pay-trust/validate-merchant (npm)
validate-merchant utilities
MAL-2026-3122 Malicious code in @w3m-frame/session_update (npm)
session_update utilities
MAL-2026-3073 Malicious code in @tw-utils/static (npm)
static utilities
MAL-2026-3071 Malicious code in @tw-marionette/input (npm)
input utilities
MAL-2026-3072 Malicious code in @tw-models/storage (npm)
storage utilities
MAL-2026-3317 Malicious code in @apple-pay-trust/destroy (npm)
destroy utilities
MAL-2026-3063 Malicious code in @google-pay-trust/finish (npm)
finish utilities
MAL-2026-3118 Malicious code in @pyme-web/ui-base (npm)
ui-base utilities
MAL-2026-3068 Malicious code in @sbt_gitverse/analytics-client (npm)
analytics-client utilities
MAL-2026-3160 Malicious code in apple-internal-pki-utils (npm)
MAL-2026-3120 Malicious code in @pyme-web/web-api (npm)
web-api utilities
MAL-2026-3082 Malicious code in kl-b2c-ui-kit (npm)
kl-b2c-ui-kit utilities
MAL-2026-3069 Malicious code in @tochka-ui/foundation (npm)
gigaid utilities
MAL-2026-3119 Malicious code in @pyme-web/ui-widget (npm)
ui-widget utilities
MAL-2025-190901 Malicious code in @postman/final-node-keytar (npm)
Bindings to native Mac/Linux/Windows password APIs
MAL-2026-3070 Malicious code in @tw-marionette/clipboard (npm)
clipboard utilities
MAL-2026-3121 Malicious code in @taxmoninor/taxmon (npm)
taxmon utilities
MAL-2026-3124 Malicious code in apple-internal-dev-check (npm)
MAL-2026-3152 Malicious code in apple-coredata-internal-service (npm)
Internal research utility for infrastructure audit