Which versions of superacli are malicious?

The following npm versions of superacli are flagged malicious: 1.14.0, 1.15.0. Treat any of these as compromised.

How do I remediate superacli if I installed it?

superacli is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed superacli — how do I know if it already compromised me?

If superacli was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is superacli part of a known attack campaign?

Yes — superacli is associated with the IN-MAL-2026-003210, IN-MAL-2026-003209 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find superacli across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for superacli (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging superacli across your stack and pipelines.

Malicious package

superaclinpm

Malicious code in superacli (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4674

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall superacli

What this malware does

plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 (defaulted via process.env.GOPASS_UI_URL || 'ws://92.113.145.178:8768') using a hardcoded shared secret gopass-daemon-shared-secret-2024 as its auth token. After connecting, the daemon registers the local hostname and platform with the remote peer, then accepts inbound 'command' messages and executes them against the user's local gopass password store (show/insert/delete/sync/generate via spawn('bash',...)), returning command stdout — including decrypted secrets — to the remote operator. plugins/gopass/.daemon-config ships the same bare-IP URL as a default. Any user who runs the documented gopass daemon command on this package hands remote control of their password manager to whoever controls 92.113.145.178, with no per-installer authentication challenge. The destination is not a publisher-owned domain; it is a bare IP. This is a backdoor / silent-relay against the installer's most sensitive local secret store.

Malicious versions

2 flagged

1.14.01.15.0

Indicators of compromise (SHA-256)

6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b

d7d9550b726186fac26a503604bdd620b6b242326db4f06d04e79b37c7a88438

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for superacli (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging superacli across your stack and pipelines.
If you installed it — respond
superacli is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If superacli was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks superacli before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. superacli on npm has been identified as a malicious package (versions 1.14.0, 1.15.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003210IN-MAL-2026-003209

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks superacli-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring