Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

@onescience/onecodenpm

Malicious code in @onescience/onecode (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10717
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall @onescience/onecode

What this malware does

The postinstall lifecycle script runs ensurePlatformBinary, which when the optionalDependency install fails to populate the platform package falls back to fetching a.tgz over HTTPS from a hardcoded bare-IP endpoint, https://218.90.133.98:4443/onecode_tgz/, with rejectUnauthorized:false disabling TLS certificate verification. The fetched archive is extracted with tar, the extracted binary is chmod 0755 and hardlinked into bin/.onecode, and that binary becomes the CLI invoked as onecode. No hash or signature verification is performed, the host is a bare IP rather than a publisher-owned domain, and the URL always constructs onecode-linux-x64-<version>.tgz regardless of the detected platform/arch. Whoever controls the endpoint at 218.90.133.98:4443 — or any on-path attacker, given TLS verification is disabled — can deliver arbitrary executable content to any installer whose optional platform dependency fails to install.

Malicious versions

3 flagged
1.14.50-2026071610381.14.50-2026071611391.14.50-202607161710

Indicators of compromise (SHA-256)

5928c2edb03c7fc9a909b2ff56355dde83cab5e7776512204a35e274120932f5
d334dd52244b44793af06be86dfd8d0de20ea8bb6d28cc1e4016b5fa45432578
fa28860ddf0274e1a39af78373aa118824c4479ef158d166d230de533a1b34d0

Detection & response playbook

Malicious package
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @onescience/onecode (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @onescience/onecode across your stack and pipelines.

  2. If you installed it — respond

    Remove @onescience/onecode from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

  3. Did it already run?

    If @onescience/onecode was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks @onescience/onecode before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. @onescience/onecode on npm has been identified as a malicious package (versions 1.14.50-202607161038, 1.14.50-202607161139, 1.14.50-202607161710 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-010746IN-MAL-2026-010765IN-MAL-2026-010769

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks @onescience/onecode-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.