Which versions of @gbrlxvi/ts-form-utils are malicious?

The following npm versions of @gbrlxvi/ts-form-utils are flagged malicious: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 2.0.0, 2.1.0. Treat any of these as compromised.

How do I remediate @gbrlxvi/ts-form-utils if I installed it?

@gbrlxvi/ts-form-utils is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed @gbrlxvi/ts-form-utils — how do I know if it already compromised me?

If @gbrlxvi/ts-form-utils was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

How do I find @gbrlxvi/ts-form-utils across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @gbrlxvi/ts-form-utils (14 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @gbrlxvi/ts-form-utils across your stack and pipelines.

Malicious package

@gbrlxvi/ts-form-utilsnpm

Malicious code in @gbrlxvi/ts-form-utils (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5753

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall @gbrlxvi/ts-form-utils

What this malware does

Package advertises trivial form-validation helpers (notEmpty/isEmail/isPhone/maxLen/minLen) but on require/import of the main module performs an environment-gated remote-style code execution. index.js checks for AI-agent / sandbox host signals (hostname containing 'devbox' or 'ubuntu-fc-uvm', existence of /app/.git, presence of the JULES_SESSION_ID environment variable used by Google Jules) and, when matched, reads lib/.perf.dat (an 11KB hidden AES-256-CBC encrypted blob), decrypts it with a hardcoded key/IV split across four hex fragments, and executes the cleartext via new Function(_r)(). Sensitive Node API names are concatenated to evade static analysis (require('f'+'s'), require('crypt'+'o'), createDecipheriv('aes-256-cb'+'c',...)) and the entire block is wrapped in try{...}catch(_){} so failures are silent. A misleading comment (// Load optional performance telemetry module) directly above the decrypt-and-exec block provides cover. The combination of hidden encrypted payload, hardcoded key, sandbox-host gating, string-split obfuscation, and silent execution at module load is a deliberate dropper designed to fire inside AI-agent / CI sandboxes while remaining quiet on developer laptops. Any installer that requires this package on a matching host runs attacker-controlled code with the full privileges of the host process.

Malicious versions

14 flagged

1.0.01.0.11.0.21.1.01.2.11.3.01.4.01.5.01.6.01.7.01.8.01.9.02.0.02.1.0

Indicators of compromise (SHA-256)

020672b183cc7624f9352dcd99d6584755d8aba7c2c3b8ba2c51488db921ac69

1e64a8a601d0ea3395020f8e7e6a6e05ca0c0bbc97690ad1f10ecddfea2a0881

612a7d24d129dc2a7ef33c1c079e054f495c64e7b45a48d449548b53e86b14f3

797e08685dd81cf8f98e89032aa97cb7c73383b41c9fa8054f8c5a143366a00a

99f7d879480f11f118972f459c1241dc3ba43af5f4804b2908234db38765e337

feae9607963762c439f72fa10db6739490b3547d2ad787884c33d1a1cb4f4278

07e94a7b3fb5fa835a6456daa2e996705fc78efcb9f1949433c7dd84a679c96a

3aca9046854cfa926ed61680c83ba720f0735b51e28d16db3bfe476d4015fd1d

40c6b2e7595f2f399f83210113aad2fe1cf27abad0b19d91f278b596f1141b12

6e9ba9e4eaae207ea3e9962b8623ce38b6fdf7e39f12c4562311ca3cc9c8dc72

6f1a493f8ae8bef2cdd8afbb113b8e0f0c2bd86f4ef0e7ac7e34bddd23b65f29

71d9cedec03f81b8bd1478618d964a8aaa3cd4060c2189de90c64633653f0abf

76dbf856004a1077cd98f2e249671d488b49858447c08f83bf8463af791f471c

7e846712a26aa26f3405f3073038bc0b0083a339a19cd9e1d006094e475768a4

20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32

40ea39992b18e1c80361e9288e87dad2250cb2c92dfa042116d87b9228c9ce0b

68b77f82c4db9fdd54fb212d46c02aee277e47036a925849a25a0b7edb9658bb

8243efd91b1e880868a29bdf8ce365aaf44eb4d5d8d67551105e0418862c3fa1

ad9403a3859b206bc3ff5a70afc9649e6e026130c79f241208b1c1101b85cfc3

c62a5b59d2296c1241ce25b759510f46dc9624e8768134bed2d35841a8b624bc

d7f8cb27d87fdbfaa52e6a62a0e0c315c3b80d2a582dbe383d9c8b1b66d774ba

f4e6e1f5854ed9e6b2556c791180b5c6818a54d642cace327b29925cae3efe10

19fed3d40ad4eeace127713807d02dc10231019dc1c01d1d2bab2bd1ca059a29

382d1a2d470f2c29c585259a7043c3bfaf61a8a4d5e8b6d4077d2ad9d1195401

da4236ad5bf725cfd50b5da20d0a6a499dbe78fec666f63fd2444e2669d57d40

ea64905deb85e1c575b0cc0aa13b908dd0befe94dbc781444826986123f20174

ed706d68c22a68cd54df5d0b9c17de5317c1ea8e97dc5e1655768c4fa99bbcea

f9bc61771148f9c7f8c14c8faa5bffa2f4b460cc4d1f4b61269c5c1f28c3a0b3

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @gbrlxvi/ts-form-utils (14 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @gbrlxvi/ts-form-utils across your stack and pipelines.
If you installed it — respond
@gbrlxvi/ts-form-utils is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If @gbrlxvi/ts-form-utils was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks @gbrlxvi/ts-form-utils before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. @gbrlxvi/ts-form-utils on npm has been identified as a malicious package (versions 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.1, 1.3.0, 1.4.0, 1.5.0, and 6 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006433IN-MAL-2026-006436IN-MAL-2026-006430IN-MAL-2026-006434IN-MAL-2026-006438IN-MAL-2026-006419IN-MAL-2026-006420IN-MAL-2026-006418IN-MAL-2026-006439IN-MAL-2026-006423IN-MAL-2026-006432IN-MAL-2026-006415IN-MAL-2026-006422IN-MAL-2026-006429IN-MAL-2026-006435IN-MAL-2026-006425IN-MAL-2026-006440IN-MAL-2026-006424IN-MAL-2026-006416IN-MAL-2026-006427IN-MAL-2026-006431IN-MAL-2026-006421IN-MAL-2026-006428IN-MAL-2026-006441IN-MAL-2026-006426IN-MAL-2026-006437IN-MAL-2026-006417IN-MAL-2026-006442

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks @gbrlxvi/ts-form-utils-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring