campaigns/owner-change wave

active

refire #36

members

combined blast

930K/wk

last alerted

1h ago

2026-05-20

fire count

first alerted 19h ago

// members

Every caught package that currently matches this cluster's axis, replayed live over the last 7 days. Snippets show where the cluster identifier appears in the package's static excerpt or which takeover heuristic fired.

// publishers in this wave

Same wave, split by the publisher who pushed each malicious version. Corporate ownership transfers (one bot pumping several scoped names) look different from real dormant takeovers (many unrelated dormant maintainers tripping in parallel) — the split makes the shape visible.

iaaron·3 packages·71K/wk

npm/·@1.0.5·18h ago·
prev: baizn@1.0.4
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
npm/·@2.4.1·18h ago·
prev: pomelo-nwu@2.4.0
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
npm/·@0.8.24·71K/wk·18h ago·
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 3 known-vendor host(s), 1 other host(s).

·3 packages·70K/wk

npm/·@0.8.25·18h ago·
prev: iaaron@0.8.24
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
npm/·@0.8.25·18h ago·
prev: iaaron@0.8.24
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
npm/·@0.8.25·70K/wk·18h ago

·3 packages·125K/wk

npm/·@2.0.1-beta.0·18h ago·
prev: panyuqi@1.8.7
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 2 known-vendor host(s).
npm/·@2.1.28-beta.0·63K/wk·19h ago·
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 2 known-vendor host(s).
npm/·@2.1.23-beta.0·62K/wk·

·2 packages·45K/wk

npm/·@1.0.55·32K/wk·18h ago·
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
npm/·@2.0.5·13K/wk·18h ago·
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 2 known-vendor host(s), 1 other host(s).

·2 packages·120K/wk

npm/·@0.2.2·120K/wk·18h ago·
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
npm/·@0.1.3·19h ago·
prev: zqlu@0.1.2
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

·2 packages·144K/wk

npm/·@2.0.4·19h ago·
prev: atool@2.0.3
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
npm/·@0.2.5·144K/wk·19h ago·
prev: atool@0.2.3
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

·1 package

npm/·@3.0.7·18h ago·
prev: alanwei0@3.0.6
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

·1 package

npm/·@0.2.0·18h ago·
prev: atool@0.1.2
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

·1 package

npm/·@0.0.11·18h ago·
prev: lviser@0.0.10
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 2 known-vendor host(s).

·1 package·354K/wk

npm/·@5.4.8·354K/wk·18h ago·
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

·1 package·1.3K/wk

npm/·@3.6.0-alpha.0·1.3K/wk·19h ago·
```
recent-owner-change
```
llm: No suspicious destination, no remote-exec shape — 2 known-vendor host(s).