@mandujs/core@0.54.7
Mandu Framework Core - Spec, Generator, Guard, Runtime
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
A narrow-focus index of malicious packages caught exfiltrating credentials — across npm, PyPI, GitHub Actions, the VS Code Marketplace, and Hugging Face. AWS keys, npm/PyPI tokens, browser cookies, wallet seeds, AI API keys, CI secrets. Each entry quotes the actual exfiltration code.
We don't track package pollution, generic typosquats without a payload, or wallet drainers without credential theft. Just packages that actually try to steal something. See methodology for the inclusion criteria.
Latest packages classified as malicious or pending review by the analyzer pipeline. Every entry links to the package, its tarball, and the offending code.
Mandu Framework Core - Spec, Generator, Guard, Runtime
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Agent-Native Fullstack Framework - 에이전트가 코딩해도 아키텍처가 무너지지 않는 개발 OS
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Published metadata catalog for JSKIT package descriptors.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Unified theme + template helpers for Stelnyx CLI reports (LuxScope, LuxFaber, SecGate).
Which kinds of credentials caught packages were after, by category. Cloud platform keys, source-control tokens, browser logins, password manager stores, crypto wallets, AI API keys.
Long-form, source-verified analyses of notable NHI credential leak events. Reviewed by Cremit research before publish.
On 2026-05-19 the @antv npm publisher session was used to ship 639 malicious versions across 323 packages, the Mini Shai-Hulud campaign now totals 1,055 versions across 502 packages.
npm worm hit 373 versions across 169 packages (@tanstack, @squawk, @uipath, mistralai) via trusted-publishing OIDC abuse and a prepare-script git dep that exfiltrates cloud and registry secrets at install.
npm publisher microsop pushed 36 versions across 6 Apple-themed packages between May 4–11, 2026, fingerprinting Apple internal CI and exfiltrating npmrc, env vars, and git origin to 12 rotating webhook.site endpoints.
A malicious build of @bitwarden/cli was published to the public npm registry for roughly 90 minutes, exfiltrating cloud tokens, SSH keys, and AI tooling credentials from CI runners and developer machines.
A third-party AI tool used by a Vercel employee was compromised, leading to Google Workspace takeover and access to non-sensitive environment variables in a subset of customer projects.
Compromised maintainer publish credentials were used to push two malicious versions of the official @solana/web3.js npm package, embedding a routine that exfiltrated private keys from any wallet using the SDK.