npm threat feed

Malicious packages, on record.

Track recently blocked npm package versions from LPM Firewall scans and public OSV/GHSA advisories. Open any row for the affected version, evidence summary, verdict source, and current install policy.

Latest malicious packages

chai-redirection@0.0.1

Static source inspection confirms unconsented import-time execution of a detached helper that retrieves and evaluates remote payloads. This is concrete malicious behavior, not merely a su...

Remote Code Execution · 38 mins ago

searchresults@999.0.0

The inspected source confirms unconsented install-time collection and exfiltration of environment and host metadata to external endpoints. The declared security-research PoC purpose does...

Data Exfiltration · 42 mins ago

@roarpeng/graphflow@1.3.4

Source inspection confirms package.json lifecycle execution and install-time writes/registration into Trae, Cursor, Claude/MCP-style agent surfaces outside the package namespace. This mat...

AI Agent Control Hijack · 1 hour ago

moflo@4.11.1

Source inspection confirms automatic postinstall writes into consumer .claude agent-control paths, matching the blockable AI-agent control hijack policy. The native pruning and restart no...

AI Agent Control Hijack · 1 hour ago

peaks-loop@3.1.1

Direct source inspection confirms a postinstall lifecycle script that installs package-supplied instructions into multiple home-level AI-agent surfaces by default. Under the supplied inst...

AI Agent Control Hijack · 2 hours ago

konnektive-one@1.0.1

Static inspection confirms concrete protestware in the shipped main bundle, despite otherwise package-aligned checkout API behavior and no install hook. Because the code can intentionally...

Protestware · 2 hours ago

mdb-vite@1.5.2

Direct source inspection confirms a deceptive package-aligned facade with runtime remote code execution from an attacker-controlled endpoint. Lack of lifecycle hooks reduces install-time...

Remote Code Execution · 2 hours ago

amicus@1.9.1

Static source inspection confirms lifecycle-triggered writes to foreign/broad Claude skill and MCP control surfaces, including home config files and auto-latest MCP registration. Under th...

AI Agent Control Hijack · 3 hours ago

claude-codex-wechat@0.1.31

This is not install-time malware, but the runtime package deliberately creates a remotely reachable AI-agent control path with normal approval/sandbox protections disabled and persistent...

AI Agent Control Hijack · 3 hours ago

polymarket-apis@1.1.0

Source inspection confirms server-controlled remote code execution from a non-package-aligned host in a package that misrepresents its purpose. The lack of install-time execution lowers a...

Remote Code Execution · 3 hours ago

Showing 1-10 of 50