Which versions of react-state-optimizer-core are malicious?

The following npm versions of react-state-optimizer-core are flagged malicious: 1.0.0, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9. Treat any of these as compromised.

How do I remediate react-state-optimizer-core if I installed it?

Remove react-state-optimizer-core from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed react-state-optimizer-core — how do I know if it already compromised me?

If react-state-optimizer-core was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is react-state-optimizer-core part of a known attack campaign?

Yes — react-state-optimizer-core is associated with the RLMA-2026-01537, RLUA-2026-02032 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find react-state-optimizer-core across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for react-state-optimizer-core (16 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging react-state-optimizer-core across your stack and pipelines.

Malicious package

react-state-optimizer-corenpm

Malicious code in react-state-optimizer-core (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-1839

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall react-state-optimizer-core

What this malware does

The package react-state-optimizer-core was found to contain malicious code.

Malicious versions

16 flagged

1.0.01.0.21.0.31.0.41.0.51.0.61.0.71.0.81.0.93.0.33.0.43.0.53.0.63.0.73.0.83.0.9

Indicators of compromise (SHA-256)

315971e393bd01bf8f61b828a3621ce0edab60cbaced986a795595e3aed0484d

782cd7f3728f924a764bf54c8c73a27b8170cdf85f11902e6d8d806db39fa172

8b77bafb02c9ee680890e012ee4f7c4b39753bda8bbb5a6560b6b3aaa0950f5a

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for react-state-optimizer-core (16 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging react-state-optimizer-core across your stack and pipelines.
If you installed it — respond
Remove react-state-optimizer-core from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If react-state-optimizer-core was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks react-state-optimizer-core before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. react-state-optimizer-core on npm has been identified as a malicious package (versions 1.0.0, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, and 8 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2026-01537RLUA-2026-02032

References

reversinglabs.com

Credits

Amazon Inspector · finder
ReversingLabs · finder

Detect & block this

O3 blocks react-state-optimizer-core-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring