Malicious package

tsliverhome (npm)

Malicious code in tsliverhome (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-3775
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall tsliverhome

What this malware does

Package name 'tsliverhome' impersonates the widely-used 'tslib' package (~300M weekly downloads). The shipped README.md is a verbatim copy of Microsoft/tslib's README (titled '# tsliv', describing the TypeScript --importHelpers runtime library), designed to reassure a developer who mistyped the name.

The actual code in index.js has no relation to tslib. The exported getPlugin() function issues an HTTP GET to https://verceljs-kappa.vercel.app/icons/23, JSON.parses the response body, and passes the result directly to eval(). The destination is a generic Vercel preview-style host not tied to any declared publisher, the request is not version-pinned, and the fetched bytes are not hash- or signature-verified. Any consumer who imports this package and calls getPlugin() therefore executes arbitrary JavaScript chosen by whoever operates verceljs-kappa.vercel.app, at whatever time the call is made: the second stage can change between one victim and the next, so a benign or empty response observed during analysis says nothing about what a given victim received.

Supporting signals: package.json ships placeholder metadata (empty description, empty author, no repository, no homepage), consistent with throwaway-publisher typosquat packages. The combination of (a) name confusion with a top-tier target, (b) README impersonation of that target, and (c) a remote-fetch-and-eval payload in the exported API constitutes a deliberate supply-chain attack against developers who mistype 'tslib'.

Malicious versions

4 flagged
1.0.0, 1.1.3, 1.1.4, 1.1.5

Indicators of compromise (SHA-256)

0855b4d02a0d276e8a6cf97b7c62d457b8ef4d851e243d758c2308d451e0876e
5c4db6a48fc6f6bbda3c925104e3e6acd47c5d21462bbef4788fc4398b75d6ef
a864c875216fe3cb9b5f1c2bd83f8145cba56f4c5fe7b16ede8296984743f5e7
b67461921c7e465510602304d712f8caa79c28204ffb7861c3b0feb264ca8476

Detection & response playbook

Typosquat
  1. Find it

    Scan your lockfiles (package-lock.json, npm-shrinkwrap.json, pnpm-lock.yaml, yarn.lock), checked-in node_modules trees, container images and build artifacts for tsliverhome (4 malicious versions: 1.0.0, 1.1.3, 1.1.4, 1.1.5). Check nested entries, not just top-level dependencies: a transitive dependency can pull tsliverhome in even when your own package.json names tslib correctly. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging tsliverhome across your stack and pipelines.

  2. If you installed it — respond

    tsliverhome is a typosquat of tslib; you almost certainly intended tslib. Remove tsliverhome and install the package you actually meant. Then search your own code and your dependencies' code for calls to getPlugin(), because that exported function is where the remote payload runs: if it was ever called, treat every secret reachable by that process (CI tokens, registry credentials, cloud keys, .env contents) as exposed and rotate it. If you cannot establish whether it was called, rotate anyway.

  3. Did it already run?

    If tsliverhome was installed and getPlugin() was called, the remote payload has already executed with that process's privileges, and because the second stage is fetched unpinned and unverified, what ran depends on what verceljs-kappa.vercel.app served at that moment. The SHA-256 indicators above identify the malicious package artifacts, not that second stage, so hunt for the fetch itself: look for connections to verceljs-kappa.vercel.app from build agents and application hosts in DNS, proxy and flow logs. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise, not just the presence of the package.

  4. How O3 protects you

    O3 blocks tsliverhome before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. tsliverhome on npm has been identified as a malicious package (versions 1.0.0, 1.1.3, 1.1.4, 1.1.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-002751, IN-MAL-2026-002752, IN-MAL-2026-002753, IN-MAL-2026-002754

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks tsliverhome-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

tsliverhome (npm) malicious package — MAL-2026-3775 | O3 Security