Malicious package

@gbrlxvi/ts-form-utils (npm)

Malicious code in @gbrlxvi/ts-form-utils (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5753
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall @gbrlxvi/ts-form-utils

What this malware does

The package advertises trivial form-validation helpers (notEmpty/isEmail/isPhone/maxLen/minLen), but on require/import of the main module it performs an environment-gated remote-style code execution. index.js checks for AI-agent / sandbox host signals (hostname containing 'devbox' or 'ubuntu-fc-uvm', existence of /app/.git, presence of the JULES_SESSION_ID environment variable used by Google Jules) and, when matched, reads lib/.perf.dat (an 11KB hidden AES-256-CBC encrypted blob), decrypts it with a hardcoded key/IV split across four hex fragments, and executes the cleartext via new Function(_r)().

Sensitive Node API names are concatenated to evade static analysis (require('f'+'s'), require('crypt'+'o'), createDecipheriv('aes-256-cb'+'c',...)), and the entire block is wrapped in try{...}catch(_){} so failures are silent. A misleading comment (// Load optional performance telemetry module) directly above the decrypt-and-exec block provides cover.

The combination of a hidden encrypted payload, a hardcoded key, sandbox-host gating, string-split obfuscation, and silent execution at module load is a deliberate dropper designed to fire inside AI-agent / CI sandboxes while remaining quiet on developer laptops. Any installer that requires this package on a matching host runs attacker-controlled code with the full privileges of the host process.
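The loader traits described above can be checked statically. The following is an added example, not code from the package or from this advisory's publisher: a heuristic scanner that folds split string literals back together and flags the decrypt-and-execute pattern. The rule names and the sample text are constructed for illustration.

```javascript
// Constructed sample assembled from the fragments quoted in the advisory.
// It is inert text for the scanner and is never executed.
const SAMPLE = [
  "// Load optional performance telemetry module",
  "try{ if (process.env.JULES_SESSION_ID) {",
  "  const _f = require('f'+'s'), _c = require('crypt'+'o');",
  "  const _d = _c.createDecipheriv('aes-256-cb'+'c', _k, _i);",
  "  new Function(_r)(); } }catch(_){}",
].join("\n");

// Fold 'a'+'b' into 'ab' until stable so split names become matchable.
function foldConcats(src) {
  const re = /(['"])([^'"\\\n]*)\1\s*\+\s*(['"])([^'"\\\n]*)\3/g;
  let prev;
  do {
    prev = src;
    src = src.replace(re, (_m, _q1, a, _q2, b) => `'${a}${b}'`);
  } while (src !== prev);
  return src;
}

// Each rule sees the raw text and the folded text. Rule names are hypothetical.
const RULES = [
  ["split-require", (raw, folded) =>
    /require\(\s*['"][^'"]*['"]\s*\+/.test(raw) &&
    /require\(\s*'(fs|crypto)'/.test(folded)],
  ["split-cipher-name", (raw, folded) =>
    /createDecipheriv\(\s*['"][^'"]*['"]\s*\+/.test(raw) &&
    /createDecipheriv\(\s*'aes-/.test(folded)],
  ["function-constructor-exec", (raw) =>
    /new\s+Function\s*\([^)]*\)\s*\(/.test(raw)],
  ["silent-catch", (raw) => /catch\s*\(\s*\w*\s*\)\s*\{\s*\}/.test(raw)],
  ["sandbox-host-gate", (_raw, folded) =>
    /JULES_SESSION_ID|ubuntu-fc-uvm|\/app\/\.git/.test(folded)],
];

function scanSource(raw) {
  const folded = foldConcats(raw);
  return RULES.filter(([, test]) => test(raw, folded)).map(([id]) => id);
}

// Decipher-then-Function at module load is the high-confidence combination;
// the other traits also occur in benign code and only add weight.
function isLikelyDropper(findings) {
  return findings.includes("function-constructor-exec") &&
    findings.includes("split-cipher-name");
}

console.log(scanSource(SAMPLE), isLikelyDropper(scanSource(SAMPLE)));
```

A match is a triage signal for manual review of the file; the regular expressions work on text, not on a parsed syntax tree, so other obfuscation styles will not be folded.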

Malicious versions

14 flagged
1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 2.0.0, 2.1.0

Indicators of compromise (SHA-256)

Frequently asked questions

No. @gbrlxvi/ts-form-utils on npm has been identified as a malicious package (versions 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.1, 1.3.0, 1.4.0, 1.5.0, and 6 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006433, IN-MAL-2026-006436, IN-MAL-2026-006430, IN-MAL-2026-006434, IN-MAL-2026-006438, IN-MAL-2026-006419, IN-MAL-2026-006420, IN-MAL-2026-006418, IN-MAL-2026-006439, IN-MAL-2026-006423, IN-MAL-2026-006432, IN-MAL-2026-006415, IN-MAL-2026-006422, IN-MAL-2026-006429, IN-MAL-2026-006435, IN-MAL-2026-006425, IN-MAL-2026-006440, IN-MAL-2026-006424, IN-MAL-2026-006416, IN-MAL-2026-006427, IN-MAL-2026-006431, IN-MAL-2026-006421, IN-MAL-2026-006428, IN-MAL-2026-006441, IN-MAL-2026-006426, IN-MAL-2026-006437, IN-MAL-2026-006417, IN-MAL-2026-006442

Credits

  • Amazon Inspector · finder

@gbrlxvi/ts-form-utils (npm) malicious package — MAL-2026-5753 | O3 Security