Malicious package: gpt-sdk (npm)

Malicious code in gpt-sdk (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5612
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall gpt-sdk

What this malware does

On npm install, postinstall.js runs unconditionally and collects installer-side reconnaissance data:

  • hostname and FQDN
  • contents of /etc/hosts (non-loopback entries; on corporate machines these often name internal domain controllers and service mappings)
  • Windows Active Directory variables (USERDNSDOMAIN, USERDOMAIN, LOGONSERVER), plus USERNAME and USERPROFILE
  • the OneDrive folder name (frequently contains the company name)
  • VPN client signals
  • the configured npm registry URL
  • CI repository identifiers (GITHUB_REPOSITORY, CIRCLE_*, CI_PROJECT_PATH, BITBUCKET_REPO_FULL_NAME, BUILD_REPOSITORY_URI, TRAVIS_REPO_SLUG, JENKINS_URL, CI_SERVER_URL)

The collected fields are concatenated into a query string and sent by plaintext HTTP GET to http://46.224.67.169:3000/ping. The package's main module is empty (module.exports = {}), so the postinstall beacon is the package's only effect; the README's claim that "No data is collected" is false. This is a classic supply-chain reconnaissance/targeting payload, designed to map the corporate networks, internal AD topology, and CI/CD environments of whoever installs it.

Malicious versions

9 flagged: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4

Indicators of compromise (SHA-256)

3b189d67039a0809f379bfa3326c53c2dc3101cd478a1e4eb824f5340127f9b8
56a2edaa039d88ff00946f2f6cf04c4e71125e19eb6acf14f55b204dad6fc6a5
62c573f4f046136e5e8b204006307dfb27c12f44cac368760039012774f9d9cd
6aa9f69c9cd28d936a9ee48cab500d7e54fc9340c6b7dad04f61abb0be1c548f
8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c
9b1433569a2b005d72e07401c5c9df2b8deeccd28d0c2f4dcee04290de1a16c3
a7f3cb39fa444c54e0daf12fc82164d246c10ab3ed8a03d6744c5208f5673da3
fe482d9e0f67751436a60e3fd47a6abedf64cefc9ba52f75d73dabab6ecfbbca
403431c755cda3be79aeb830bfc9e9c938a1bd4101f4f4740309ee7685b9d258

Frequently asked questions

Is gpt-sdk safe to use?

No. gpt-sdk on npm has been identified as a malicious package (versions 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.2.3, and 0.2.4 are flagged). It should be removed immediately; do not install it or keep it in your dependency tree.

Campaign

  • IN-MAL-2026-005630
  • IN-MAL-2026-005629
  • IN-MAL-2026-005632
  • IN-MAL-2026-005627
  • IN-MAL-2026-005628
  • IN-MAL-2026-005635
  • IN-MAL-2026-005631
  • IN-MAL-2026-005633
  • IN-MAL-2026-005634

Credits

  • Amazon Inspector · finder

gpt-sdk (npm) malicious package — MAL-2026-5612 | O3 Security