Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

selparsecss-selectornpm

Malicious code in selparsecss-selector (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10687
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall selparsecss-selector

What this malware does

[email protected] is a name-confusion fork of postcss-selector-parser: package.json declares author 'Ai Pyramid' [email protected] while the LICENSE-MIT, source tree, API, and CHANGELOG are copied verbatim from the upstream postcss-selector-parser (Ben Briggs). The tarball ships dist/util/webpack.min.js, a ~40KB obfuscator.io-packed bundle with a rotated 757-entry string array and an RC4+base64+XOR string decoder, whose top-level IIFE destructures exec and execSync from child_process, branches on values returned by the os module, and calls process.exit(1) on specific conditions. A CSS-selector parser has no functional need for child_process shell execution. Additionally, propPaths.js and selectors/wrapper.js reconstruct filenames such as 'wrapper.js' and the extension '.jsc' from CSS-hex-escape sequences via an unesc helper, and the package declares bytenode as a runtime dependency; bytenode registers a require hook for opaque V8-bytecode.jsc files, providing a loader path for code that cannot be inspected as source. The combination — impersonated identity, obfuscated child_process-execution bundle, and hex-obfuscated bytenode load scaffolding — is a supply-chain attack shape targeting developers who intended to install postcss-selector-parser.

Malicious versions

4 flagged
1.0.01.1.02.0.02.1.0

Indicators of compromise (SHA-256)

410937a56e887da6bbd58478fa87b0ad0d4bf7d7074bc79f9c28e53d2615ffbd
431ad1bb3fe03628a36206d3b32706c18c40e8f2471d88ce5c7f8550005a6fde
464e8f88d8ae9eb9994a91abed0f03e697144d142315afcc59571f579db2ad34
f4f8e230628f3622bf88bcd590f98f8065a99ea3e71ef1bf3c330439b7671e1f

Detection & response playbook

Typosquat
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for selparsecss-selector (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging selparsecss-selector across your stack and pipelines.

  2. If you installed it — respond

    selparsecss-selector is a typosquat — you almost certainly intended a legitimately-named package. Remove selparsecss-selector, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.

  3. Did it already run?

    If selparsecss-selector was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks selparsecss-selector before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. selparsecss-selector on npm has been identified as a malicious package (versions 1.0.0, 1.1.0, 2.0.0, 2.1.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-010686IN-MAL-2026-010688IN-MAL-2026-010687IN-MAL-2026-010689

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks selparsecss-selector-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

selparsecss-selector (npm) malicious package — MAL-2026-10687 | O3 Security