Which versions of devlino are malicious?

The following npm versions of devlino are flagged malicious: 1.0.1, 1.0.2, 1.0.3, 1.0.6, 1.0.8, 1.0.9. Treat any of these as compromised.

How do I remediate devlino if I installed it?

Remove devlino from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed devlino — how do I know if it already compromised me?

If devlino was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is devlino part of a known attack campaign?

Yes — devlino is associated with the GHSA-jx86-pq3j-fp99 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find devlino across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for devlino (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging devlino across your stack and pipelines.

Malicious package

devlinonpm

Malicious code in devlino (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-1421

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall devlino

What this malware does

The package devlino was found to contain malicious code.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The OpenSSF Package Analysis project identified 'devlino' @ 1.0.1 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Malicious versions

6 flagged

1.0.11.0.21.0.31.0.61.0.81.0.9

Indicators of compromise (SHA-256)

d44e060181996bac9a8221eed5f5b111cb4c7be9b816ae99a4d0b9c2bc625798

c931542c6640fca44c641962dd91ef48f2f5335a4829a6908be1a28ce8f32b99

745a014a7797e10af479efbd7a9f20e4c4ae41220664a0b196875f3f4a501be8

01c0acd7cfe7595a47311b410ad7d02e1039c4885e45832226a9bd71f97639f7

281813817374a8d4756bfce0e03cc4f9b8a1d94078ef4cfdee5de9f56012d0d3

749bb9ce5461b422dd576c89616cb9c65aaf653fc737e0df5d60c2f33086a6e5

e2d2201ff31202f25731c9699e97997f89ed857a82aa98a9feaa0ebe1243c45f

9ab9a10cdd7f1009bc1531da7299dc55e1a8ab63a76e1175becfff1dd629cf0f

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for devlino (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging devlino across your stack and pipelines.
If you installed it — respond
Remove devlino from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If devlino was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks devlino before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. devlino on npm has been identified as a malicious package (versions 1.0.1, 1.0.2, 1.0.3, 1.0.6, 1.0.8, 1.0.9 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

GHSA-jx86-pq3j-fp99

References

github.com

Credits

Amazon Inspector · finder
OpenSSF: Package Analysis · finder

Detect & block this

O3 blocks devlino-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring