Malware Database

Malicious open-source packages — supply-chain attacks, infostealers, backdoors, and typosquats across npm, PyPI, and other registries. Each advisory covers what the malware does, which versions are compromised, SHA-256 indicators of compromise, the attack campaign, and removal steps. Look up any package at /malware/{ecosystem}/{name}.

Recently discovered malicious packages

@0xlr/clerk-auth (npm) - Jun 9, 2026
@0xlr/prisma-client-js (npm) - Jun 9, 2026
@0xlr/sentry-web (npm) - Jun 9, 2026
@0xlr/stripe-checkout-js (npm) - Jun 9, 2026
@0xlr/stripe-frontend (npm) - Jun 9, 2026
@0xlr/supabase-db (npm) - Jun 9, 2026
@0xlr/vercel-analytics (npm) - Jun 9, 2026
@aonunited/angular (npm) - Jun 9, 2026
@att-ebiz/abs-components-bc (npm) - Jun 9, 2026
@bancolonbia/menu-filter-widget-web (npm) - Jun 9, 2026
@card-pci-data/store (npm) - Jun 9, 2026
@demica/core (npm) - Jun 9, 2026
@demica/resources (npm) - Jun 9, 2026
@demica/shared (npm) - Jun 9, 2026
@dktunited/anly-tracker-v2 (npm) - Jun 9, 2026
@doaction/auth (npm) - Jun 9, 2026
@doaction/eventemitter (npm) - Jun 9, 2026
@doaction/example (npm) - Jun 9, 2026
@doaction/examples (npm) - Jun 9, 2026
@doaction/http (npm) - Jun 9, 2026
@doaction/mapstore (npm) - Jun 9, 2026
@doaction/pay (npm) - Jun 9, 2026
@doaction/rrweb-sdk (npm) - Jun 9, 2026
@doaction/shared (npm) - Jun 9, 2026
@doaction/signalhub (npm) - Jun 9, 2026
@doaction/storage (npm) - Jun 9, 2026
@doaction/sudo-prompt (npm) - Jun 9, 2026
@doaction/systeminformation (npm) - Jun 9, 2026
@doaction/types (npm) - Jun 9, 2026
@doaction/wasm-loader (npm) - Jun 9, 2026
@easy-entry/landing-routes (npm) - Jun 9, 2026
@easy-entry/outside-registration-fop-navigator (npm) - Jun 9, 2026
@easy-entry/routes (npm) - Jun 9, 2026
@klapp-about/routes (npm) - Jun 9, 2026
@klapp-kyc/routes (npm) - Jun 9, 2026
@klapp-login-platform/native-sdk (npm) - Jun 9, 2026
@klapp-login-platform/oidc (npm) - Jun 9, 2026
@klapp-login-platform/routes (npm) - Jun 9, 2026
@klapp-otp/routes (npm) - Jun 9, 2026
@klapp-sca/routes (npm) - Jun 9, 2026
@listings/energy-labels (npm) - Jun 9, 2026
@nstrlabs/api-client (npm) - Jun 9, 2026
@nstrlabs/auth (npm) - Jun 9, 2026
@nstrlabs/ixel (npm) - Jun 9, 2026
@nstrlabs/sdk (npm) - Jun 9, 2026
@nstrlabs/shared-components (npm) - Jun 9, 2026
@nstrlabs/utils (npm) - Jun 9, 2026
@open-banking/cabinet-providers (npm) - Jun 9, 2026
@oplus/obus-core (npm) - Jun 9, 2026
@oplus/obus-web-sdk-plugin-recovery (npm) - Jun 9, 2026
@oplus/obus-web-sdk (npm) - Jun 9, 2026
@payment-review/store (npm) - Jun 9, 2026
@rockawayx/utils (npm) - Jun 9, 2026
@sflyinc-knapsack/shutterfly-react (npm) - Jun 9, 2026
@shell-cabinet/routes (npm) - Jun 9, 2026
@shell-landing/routes (npm) - Jun 9, 2026
@solana-labs/etherjs (npm) - Jun 9, 2026
@solana-labs/web3-js (npm) - Jun 9, 2026
@sourceflow-uk/sourceflow-tracker (npm) - Jun 9, 2026
@sql-access/nodesql (npm) - Jun 9, 2026
@sql-trigger/nodesql (npm) - Jun 9, 2026
@sqlite-node/createsql (npm) - Jun 9, 2026
@webd-infra/query-designer-domain (npm) - Jun 9, 2026
@webda-features/dashboard (npm) - Jun 9, 2026
@webda-infra/search (npm) - Jun 9, 2026
@zimmo/last_search (npm) - Jun 9, 2026
ac_calendar_ts (npm) - Jun 9, 2026
ac_semantic-ui_ts (npm) - Jun 9, 2026
blockchain-helper-0 (npm) - Jun 9, 2026
buffer-utilities (npm) - Jun 9, 2026
checkout-signer (npm) - Jun 9, 2026
clsx-js (npm) - Jun 9, 2026
cms-store-ren (npm) - Jun 9, 2026
commons-ui-styles (npm) - Jun 9, 2026
comos-sdk (npm) - Jun 9, 2026
consumerweb-authflow (npm) - Jun 9, 2026
cookie-parser-legacy (npm) - Jun 9, 2026
corporate-front-vue (npm) - Jun 9, 2026
create-docs-mcp (npm) - Jun 9, 2026
crypto-utils-7 (npm) - Jun 9, 2026
db-dx-connector (npm) - Jun 9, 2026
db-xorma (npm) - Jun 9, 2026
dbmux (npm) - Jun 9, 2026
defi-tools-39 (npm) - Jun 9, 2026
enquriers (npm) - Jun 9, 2026
ethereum-kit-1 (npm) - Jun 9, 2026
ethereum-kit-9 (npm) - Jun 9, 2026
exodus-checkout-signer (npm) - Jun 9, 2026
exodus-ethereum-sdk (npm) - Jun 9, 2026
exodus-secure-container (npm) - Jun 9, 2026
exodus-solana-sdk (npm) - Jun 9, 2026
exodus-wallet-core (npm) - Jun 9, 2026
farming-tools-12 (npm) - Jun 9, 2026
fhirproxy-utils (npm) - Jun 9, 2026
fhirproxy (npm) - Jun 9, 2026
getd-content-management (npm) - Jun 9, 2026
getd-eslint-rules (npm) - Jun 9, 2026
getd-handler-api (npm) - Jun 9, 2026
getd-pantallas-cliente (npm) - Jun 9, 2026
getd-transactional-web (npm) - Jun 9, 2026
getd-typescript-eslint-rules (npm) - Jun 9, 2026
getd-ui-library (npm) - Jun 9, 2026
getd-web-corporativa (npm) - Jun 9, 2026
gethandler-api (npm) - Jun 9, 2026
getui-library (npm) - Jun 9, 2026
github-archiver (npm) - Jun 9, 2026
grateful-checkout (npm) - Jun 9, 2026
grateful-payments (npm) - Jun 9, 2026
hey-base32 (npm) - Jun 9, 2026
housecall-ui (npm) - Jun 9, 2026
ipy-rev-proxy (npm) - Jun 9, 2026
kecak256 (npm) - Jun 9, 2026
kraken-ui (npm) - Jun 9, 2026
localization-lib (npm) - Jun 9, 2026
mazemap (npm) - Jun 9, 2026
mcp-server-fetch (npm) - Jun 9, 2026
mcp-server-figma (npm) - Jun 9, 2026
mcp-server-git (npm) - Jun 9, 2026
mcp-server-github (npm) - Jun 9, 2026
mcp-server-notion (npm) - Jun 9, 2026
mcp-server-postgres (npm) - Jun 9, 2026
mcp-server-redis (npm) - Jun 9, 2026
mcp-server-sentry (npm) - Jun 9, 2026
mcp-server-sequential-thinking (npm) - Jun 9, 2026
mcp-server-supabase (npm) - Jun 9, 2026
menu-filter-widget-web (npm) - Jun 9, 2026
morningstar-design-system (npm) - Jun 9, 2026
moustick (npm) - Jun 9, 2026
multica (npm) - Jun 9, 2026
o3forms (npm) - Jun 9, 2026
os-ulid-void (npm) - Jun 9, 2026
page-info-service (npm) - Jun 9, 2026
path-extend (npm) - Jun 9, 2026
path-internal-util (npm) - Jun 9, 2026
privacy-sdk (npm) - Jun 9, 2026
progerss-cli (npm) - Jun 9, 2026
quickwinston (npm) - Jun 9, 2026
react-pinojs (npm) - Jun 9, 2026
savant-listing (npm) - Jun 9, 2026
sb-original (npm) - Jun 9, 2026
screenpipe-mcp-http (npm) - Jun 9, 2026
shopify-app-bridge-internal (npm) - Jun 9, 2026
solana-core-4 (npm) - Jun 9, 2026
sorenson-webfonts (npm) - Jun 9, 2026
sourceflow-tracker (npm) - Jun 9, 2026
swap-sdk-87 (npm) - Jun 9, 2026
t-invest-mcp-server (npm) - Jun 9, 2026
tailwind-form (npm) - Jun 9, 2026
tivo-codelib-a (npm) - Jun 9, 2026
transacts (npm) - Jun 9, 2026
uhd-setup (npm) - Jun 9, 2026
ui-ng-components (npm) - Jun 9, 2026
ui-weave (npm) - Jun 9, 2026
uipath-sugar-sell (npm) - Jun 9, 2026
uisp-connector (npm) - Jun 9, 2026
unifi-portal (npm) - Jun 9, 2026
unleash-js (npm) - Jun 9, 2026
via-city-tools-m-particle (npm) - Jun 9, 2026
void-ulid (npm) - Jun 9, 2026
wallet-sdk-9 (npm) - Jun 9, 2026
web3-tools-9 (npm) - Jun 9, 2026
wm-mapper (npm) - Jun 9, 2026
xorma-js (npm) - Jun 9, 2026
zer0one-dnslog (npm) - Jun 9, 2026
bittensor-emission-tracker (PyPI) - Jun 9, 2026
bramin (PyPI) - Jun 9, 2026
cmd2func (PyPI) - Jun 9, 2026
coolbox (PyPI) - Jun 9, 2026
cubifyanything (PyPI) - Jun 9, 2026
dreamgen (PyPI) - Jun 9, 2026
dstill (PyPI) - Jun 9, 2026
dynamo-release (PyPI) - Jun 9, 2026
embiggen (PyPI) - Jun 9, 2026
ensmallen (PyPI) - Jun 9, 2026
executor-engine (PyPI) - Jun 9, 2026
executor-http (PyPI) - Jun 9, 2026
funcdesc (PyPI) - Jun 9, 2026
gpsea (PyPI) - Jun 9, 2026
instructor-mcp (PyPI) - Jun 9, 2026
langchain-core-mcp (PyPI) - Jun 9, 2026
magique-ai (PyPI) - Jun 9, 2026
magique (PyPI) - Jun 9, 2026
mem8 (PyPI) - Jun 9, 2026
mflux-streamlit (PyPI) - Jun 9, 2026
mrbios (PyPI) - Jun 9, 2026
napari-ufish (PyPI) - Jun 9, 2026
nhmpy (PyPI) - Jun 9, 2026
nucbox (PyPI) - Jun 9, 2026
odoo-addon-spp-base (PyPI) - Jun 9, 2026
okite (PyPI) - Jun 9, 2026
openai-mcp (PyPI) - Jun 9, 2026
orchestr8-platform (PyPI) - Jun 9, 2026
pantheon-agents (PyPI) - Jun 9, 2026
pantheon-toolsets (PyPI) - Jun 9, 2026
phenopacket-store-toolkit (PyPI) - Jun 9, 2026
ppkt2synergy (PyPI) - Jun 9, 2026
pyphetools (PyPI) - Jun 9, 2026
ray-mcp-server (PyPI) - Jun 9, 2026
rlask (PyPI) - Jun 9, 2026
rsquests (PyPI) - Jun 9, 2026
solana-cli-py (PyPI) - Jun 9, 2026
solana-web3-py (PyPI) - Jun 9, 2026
solana-web3 (PyPI) - Jun 9, 2026
spadata (PyPI) - Jun 9, 2026
spateo-release (PyPI) - Jun 9, 2026
spaysdata (PyPI) - Jun 9, 2026
spaysdatarbx (PyPI) - Jun 9, 2026
spaysrbdata (PyPI) - Jun 9, 2026
spaysrbx (PyPI) - Jun 9, 2026
spl-token-py (PyPI) - Jun 9, 2026
synago (PyPI) - Jun 9, 2026
tao-subnet-metrics (PyPI) - Jun 9, 2026
tiktoken-mcp (PyPI) - Jun 9, 2026
tlask (PyPI) - Jun 9, 2026
ufish (PyPI) - Jun 9, 2026
ultimate-ai-power (PyPI) - Jun 9, 2026
uprobe (PyPI) - Jun 9, 2026
xfoofoox (PyPI) - Jun 9, 2026

Frequently asked questions

What is a malicious package?

A malicious package is a library published to an open-source registry (npm, PyPI, etc.) that contains harmful code — a credential stealer, backdoor, or data exfiltrator — often disguised as a useful tool or typosquatting a popular package. Unlike a vulnerability, you don't patch it; you remove it and rotate any secrets it could reach.

How do I know if a package I use is malicious?

Look it up here at /malware/{ecosystem}/{name} (for example, /malware/pypi/embiggen). If the package is flagged, the page lists the malicious versions, what the code does, and the indicators of compromise. You can also scan your whole dependency tree with O3 Security to catch malicious packages at install time and in CI.

What should I do if I installed a malicious package?

Remove it from your project and lockfile immediately, then assume any secrets the build or runtime could reach were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Match the published SHA-256 IOCs against your package cache and build artifacts to confirm exposure.

Which registries does this cover?

npm, PyPI, Go, Maven, RubyGems, crates.io (Rust), NuGet, and other ecosystems tracked in the OSV malicious-packages dataset. New advisories appear here within hours of being published.

Where does this malware data come from?

From OSV's public MAL- advisory namespace, fed by the OpenSSF malicious-packages project — and many of the advisories you'll see credit O3 Security as the finder, from our own supply-chain research.

Block malicious packages before they install

O3 Security checks every dependency against known-malicious package intelligence at install time and in CI — stopping packages like these before any post-install script runs.