Which versions of wml-components are malicious?

The following npm versions of wml-components are flagged malicious: 99.0.1. Treat any of these as compromised.

How do I remediate wml-components if I installed it?

wml-components is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed wml-components — how do I know if it already compromised me?

If wml-components was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is wml-components part of a known attack campaign?

Yes — wml-components is associated with the IN-MAL-2026-004692, IN-MAL-2026-004693 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find wml-components across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for wml-components (version 99.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging wml-components across your stack and pipelines.

Malicious package

wml-componentsnpm

Malicious code in wml-components (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4730

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall wml-components

What this malware does

[email protected] declares preinstall: node poc.js in package.json, so npm install automatically runs poc.js with no consent step. poc.js iterates process.env and captures every variable whose name matches credential-shaped prefixes (TOKEN, AWS, AZURE, NPM, GITHUB, GITLAB, CI_, JENKINS, WALMART, WMT, BUILD, PROJECT, REPO, etc.) with full values, runs host-recon commands (ip a/ipconfig /all, id/whoami /all, os.hostname(), os.platform()), and walks up the directory tree reading the parent project's package.json and CI configuration (.gitlab-ci.yml, .github/workflows, Jenkinsfile, azure-pipelines.yml). The collected bundle is POSTed over HTTPS to a hardcoded interactsh out-of-band callback host (d8a5d9pon5bugoc35cngp9hcregcqyezu.oast.me, poc.js:11 and poc.js:113). The package's main is an empty object — it provides no functionality and exists only to execute the exfiltration payload. The name and version ([email protected]) are shaped as a dependency-confusion lure against an internal Walmart wml-* namespace, with the high version number designed to win resolution over the legitimate internal package. Although the package description claims authorized bug-bounty testing, any developer or CI system outside the intended scope that resolves this name (mistyped dependency, public-mirror automation, untargeted CI) leaks credentials, source-tree metadata, and host identifiers to the attacker-controlled OAST endpoint.

Malicious versions

1 flagged

99.0.1

Indicators of compromise (SHA-256)

d65cdf836cae85d721f6a982c5941bd18037d4a3554ec4b69cd5828591ee0e20

e9a67aea364794c5ced3d0219cade6f3cba41fe5754ab7620d86286143aa0622

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for wml-components (version 99.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging wml-components across your stack and pipelines.
If you installed it — respond
wml-components is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If wml-components was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks wml-components before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. wml-components on npm has been identified as a malicious package (version 99.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004692IN-MAL-2026-004693

References

npmjs.com

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks wml-components-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring