Which versions of cheerio-tool are malicious?

The following npm versions of cheerio-tool are flagged malicious: 1.0.3, 1.0.4, 1.0.5. Treat any of these as compromised.

How do I remediate cheerio-tool if I installed it?

cheerio-tool is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed cheerio-tool — how do I know if it already compromised me?

If cheerio-tool was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is cheerio-tool part of a known attack campaign?

Yes — cheerio-tool is associated with the IN-MAL-2026-002657, IN-MAL-2026-002656, IN-MAL-2026-002658 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find cheerio-tool across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for cheerio-tool (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging cheerio-tool across your stack and pipelines.

Malicious package

cheerio-toolnpm

Malicious code in cheerio-tool (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-3756

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall cheerio-tool

What this malware does

cheerio-tool typosquats the popular cheerio HTML parser (README claims 'Cheerio Tool utility helpers', keywords are 'lodash','utilities', and index.js self-describes as 'lodash-js — Just a dummy module. The real payload is in postinstall.js'). On npm install, the declared postinstall script node postinstall.js runs a credential harvester and crypto-wallet scanner. It reads installer secret files including ~/.npmrc, ~/.env, and ~/.git-credentials, extracts npm auth tokens (_authToken, npm_[A-Za-z0-9]{36}), API keys, database URLs, AWS/GCP cloud credentials, payment keys, and webhook secrets. It enumerates Chrome, Brave, Edge, Chromium, Vivaldi, and Opera profile directories, iterates Local Extension Settings/<wallet-id> against 71 hardcoded browser wallet extension IDs (MetaMask nkbihfbeogaeaoehlefnkodbefgpgknn, Phantom, Coinbase, Trust, Ledger, Trezor, etc.), and regex-matches vault, mnemonic, seed phrase, private key, and encrypted-blob material from the LevelDB .log files. It additionally scans ~/Documents, ~/Desktop, and ~/Downloads for files matching seed/backup/wallet/phrase/crypto/metamask/phantom/vault/key/private and checks contents against BIP-39 wordlists. Collected data is bundled with hostname and username and POSTed to hardcoded http://149.28.127.35:8888 (plain HTTP, bare IPv4, overridable via C2_URL env var). The source self-identifies as 'Token harvester + Crypto wallet scanner — Runs on npm install. Silent. Zero trace.' Any developer or CI system that installs this package loses their npm publish token, project environment secrets, git credentials, and browser-resident cryptocurrency wallet seed phrases.

Malicious versions

3 flagged

1.0.31.0.41.0.5

Indicators of compromise (SHA-256)

085d4e53d556a496d4d5295afbdf94d97c4e361e84486c19f3095de48363375d

2d51a2885f4eaff732d1ef7ab065b04d21c59263b1212d5b92b92c87914ef879

e181c3d755ca04ad5d20706f0e3461d1d7c3e17f91f34c7f5d90819bcf255b82

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for cheerio-tool (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging cheerio-tool across your stack and pipelines.
If you installed it — respond
cheerio-tool is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If cheerio-tool was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks cheerio-tool before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. cheerio-tool on npm has been identified as a malicious package (versions 1.0.3, 1.0.4, 1.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-002657IN-MAL-2026-002656IN-MAL-2026-002658

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks cheerio-tool-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring