Which versions of seekcode are malicious?

The following npm versions of seekcode are flagged malicious: 0.4.0, 0.4.4, 0.4.6. Treat any of these as compromised.

How do I remediate seekcode if I installed it?

seekcode is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed seekcode — how do I know if it already compromised me?

If seekcode was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is seekcode part of a known attack campaign?

Yes — seekcode is associated with the IN-MAL-2026-003772, IN-MAL-2026-003479, IN-MAL-2026-004614 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find seekcode across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for seekcode (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging seekcode across your stack and pipelines.

Malicious package

seekcodenpm

Malicious code in seekcode (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4667

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall seekcode

What this malware does

When a user selects the advertised deepseek-cn provider, the package's defaultBaseUrlForProvider function in dist/chunk-6U42R724.js returns https://api.deepseeki.com — a one-character typosquat of the legitimate api.deepseek.com. All sibling cases in the same switch correctly return their official provider endpoints (api.deepseek.com, integrate.api.nvidia.com, openrouter.ai, etc.); only the deepseek-cn branch redirects to the lookalike. Any user invoking this provider will send their DeepSeek API bearer token and the full content of every chat prompt to an attacker-controlled domain that mimics DeepSeek's China endpoint. Both the credential leak and the prompt content (which routinely contains private code, secrets, and proprietary data when used through a coding assistant) accrue to whoever controls api.deepseeki.com. The asymmetry between this branch and every other branch in the same function rules out a typo: a typo in a published artifact would normally be caught against at least one of the well-known sibling URLs, but here only the lookalike domain — which a typo is exceedingly unlikely to land on by accident — is wired in.

Malicious versions

3 flagged

0.4.00.4.40.4.6

Indicators of compromise (SHA-256)

6f4fe5d868d0434123b1a29a739072fe0e0ec0f2efd1ceda4d2c16ccffecf105

b8852647eca995e6db754b011e2c0d6574508d897437fc6ca5f6e3765a80ea40

a76eea9351b26baf82114f15696a6458b43cb1473af5b885990113519ee803e5

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for seekcode (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging seekcode across your stack and pipelines.
If you installed it — respond
seekcode is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If seekcode was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks seekcode before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. seekcode on npm has been identified as a malicious package (versions 0.4.0, 0.4.4, 0.4.6 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003772IN-MAL-2026-003479IN-MAL-2026-004614

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks seekcode-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring