Malicious package

github-badge-bot (npm)

Malicious code in github-badge-bot (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-46
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall github-badge-bot

What this malware does

The package github-badge-bot was found to contain malicious code.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The OpenSSF Package Analysis project identified 'github-badge-bot' @ 1.11.7 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

Malicious versions

24 flagged: 1.6.3, 1.6.4, 1.6.6, 1.7.1, 1.7.2, 1.7.3, 1.7.6, 1.8.1, 1.8.5, 1.8.7, 1.8.9, 1.9.0, 1.9.2, 1.9.4, 1.9.5, 1.10.0, 1.10.3, 1.10.4, 1.11.2, 1.11.3, 1.11.4, 1.11.7, 1.14.1, 1.15.0

Indicators of compromise (SHA-256)


Detection & response playbook

  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for github-badge-bot (24 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging github-badge-bot across your stack and pipelines.

  2. If you installed it — respond

    Remove github-badge-bot from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

  3. Did it already run?

    If github-badge-bot was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks github-badge-bot before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. github-badge-bot on npm has been identified as a malicious package (versions 1.6.3, 1.6.4, 1.6.6, 1.7.1, 1.7.2, 1.7.3, 1.7.6, 1.8.1, and 16 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

GHSA-r39w-33gw-8p5g

Credits

  • Amazon Inspector · finder
  • OpenSSF: Package Analysis · finder

Detect & block this

O3 blocks github-badge-bot-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

github-badge-bot (npm) malicious package — MAL-2026-46 | O3 Security