Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

@vite-mcp/vite-typenpm

Malicious code in @vite-mcp/vite-type (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10525
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall @vite-mcp/vite-type

What this malware does

Package @vite-mcp/[email protected] impersonates the legitimate vite package: package.json declares name '@vite-mcp/vite-type', author 'Evan You', repository 'github.com/vitejs/vite', and a bin entry 'vite' → 'bin/vite.js', while shipping a copy of the vite source tree to look authentic. Appended to bin/vite.js, after a long whitespace-padded line intended to push it past editor viewports, is an obfuscated IIFE that uses a Fisher-Yates-style string-permutation decoder keyed to the integer 4606094 to reconstruct identifiers ('require','https','get','child_process','spawn','eval','JSON.parse'). At runtime it performs an HTTPS GET and a JSON-RPC POST to a remote host, XOR-decodes the response, passes the result to eval(), and additionally invokes child_process.spawn(..., {detached:true, stdio:..., windowsHide:true}) to run the decoded payload as a hidden detached process. The loader fires whenever the shipped 'vite' bin is invoked (e.g. via 'npx vite' or a project's npm scripts), giving the publisher arbitrary remote code execution on any developer or build host that runs this CLI. Combined with the brand/author/repository impersonation of vitejs/vite, this is a deliberate supply-chain attack against developers who mistakenly install this scope.

Malicious versions

1 flagged
6.44.1

Indicators of compromise (SHA-256)

9828d7f04091054759c65d427b8f9d7b2853a8a062f9ca261a37e0a0bbc231d0

Detection & response playbook

Typosquat
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @vite-mcp/vite-type (version 6.44.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @vite-mcp/vite-type across your stack and pipelines.

  2. If you installed it — respond

    @vite-mcp/vite-type is a typosquat — you almost certainly intended a legitimately-named package. Remove @vite-mcp/vite-type, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.

  3. Did it already run?

    If @vite-mcp/vite-type was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks @vite-mcp/vite-type before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. @vite-mcp/vite-type on npm has been identified as a malicious package (version 6.44.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-010366

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks @vite-mcp/vite-type-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.