incidents.cremit.io

A reference feed of real-world Non-Human Identity (NHI) credential leak incidents. Maintained by Cremit.

// status
monitor active
// build
2026-07-04
// origin
cremit · seoul, kr
// license
CC BY 4.0

© 2026 Cremit. content reuse encouraged with attribution.

Caught packages

Every package the analyzer pipeline classified as auto-published. Sort by weekly downloads to surface the highest-blast-radius cases first.

caught total
1,272
0 in last 7 days
top by downloads
1.1M/wk
disposable-email-domains
top pattern
reads-env-vars
185 hits
200 results·indexed 2026-06-07
  • AUTO-PUBLISHED/npm/2023-04-06/MAL-2026-4119

    @antv/xflow-core@1.0.55

    by newbyvector

    ## Getting Started

    clipboard-access

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    32K
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    patterns
    1
    size
  • AUTO-PUBLISHED/npm/2023-04-12/MAL-2026-3840

    @antv/x6-geometry@2.0.5

    by newbyvector

    Geometry operations for X6

    → sends to https://x6.antv.antgroup.com
    public-github-push

    → No suspicious destination, no remote-exec shape — 2 known-vendor host(s), 1 other host(s).

    weekly
    13K
    /wk
    llm verdict
    benign 0.85
    h-score
    75
  • AUTO-PUBLISHED/npm/2024-01-10/MAL-2026-4099

    @antv/x6-common@2.0.17

    by newbyvector

    Basic toolkit for X6

    → sends to https://x6.antv.antgroup.com
    public-github-push · child-process-spawn · base64-decode

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    12K
    /wk
    llm verdict
    benign 0.85
  • AUTO-PUBLISHED/npm/2024-09-14/MAL-2026-4056

    @antv/larkmap@1.5.1

    by lvisei

    A React toolkit for geospatial visualization based on L7

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    8.3K
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
    1.1 MB
    versions
    70
  • AUTO-PUBLISHED/npm/2026-05-18/MAL-2026-4077

    @antv/s2@2.7.1

    by GitHub Actions

    effective spreadsheet render core lib

    → sends to https://s2.antv.antgroup.com
    public-github-push · clipboard-access · reads-env-vars

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

    weekly
    7.7K
    /wk
    llm verdict
    benign
  • AUTO-PUBLISHED/npm/2024-01-24/MAL-2026-4105

    @antv/x6-plugin-keyboard@2.2.3

    by newbyvector

    keyboard plugin for X6

    → sends to https://x6.antv.antgroup.com/tutorial/plugins/keyboard
    public-github-push

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

    weekly
    4.2K
    /wk
    llm verdict
    benign 0.85
    h-score
  • AUTO-PUBLISHED/npm/2023-10-02/MAL-2026-4111

    @antv/x6-plugin-transform@2.1.8

    by newbyvector

    transform plugin for X6

    → sends to https://x6.antv.antgroup.com/tutorial/plugins/transform
    public-github-push

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

    weekly
    3.7K
    /wk
    llm verdict
    benign 0.85
    h-score
  • AUTO-PUBLISHED/npm/2026-06-05

    @adia-ai/a2ui-corpus · 4 versions · 0.7.9→0.7.12

    by kimgish-adia

    AdiaUI A2UI training corpus — canonical v0.9 catalog + chunks + eval fixtures + feedback + gap registry. Consumed by the compose engine's retrieval layer + the MCP pipeline.

    steals → 1Password → sends to https://registry.npmjs.org
    public-github-push · reads-1password · discord-webhook · clipboard-access · archive-then-upload
  • AUTO-PUBLISHED/npm/2025-12-24/MAL-2026-4076

    @antv/react-g@2.1.1

    by wang1212

    react render for @antv/g

    → sends to https://github.com/antvis/g#readme
    public-github-push

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

    weekly
    3.2K
    /wk
    llm verdict
    benign 0.85
    h-score
  • AUTO-PUBLISHED/npm/2023-04-12/MAL-2026-4103

    @antv/x6-plugin-export@2.1.6

    by newbyvector

    export plugin for X6.

    → sends to https://x6.antv.antgroup.com/tutorial/plugins/export
    public-github-push

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

    weekly
    3.1K
    /wk
    llm verdict
    benign 0.85
    h-score
  • AUTO-PUBLISHED/npm/2020-09-15/MAL-2026-3846

    byte-parser@1.0.0

    by atool

    Parse byte string to byte number, e.g. 1.2 Kb -> 1228.8, Kb, Mb, Gb, Tb, Pb, Eb, Zb, Yb supported.

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 4 other host(s).

    weekly
    3.0K
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
    3.7 KB
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4455

    @thebros/create-benjamin@1.0.23

    by thebros

    Benjamin CLI Generator

    public-github-push · archive-then-upload

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    2.7K
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    patterns
    2
  • AUTO-PUBLISHED/npm/2026-05-29

    @agentuity/cli@2.0.23

    by huijiro
    steals → GitHub PAT · AI API keys
    reads-env-vars · child-process-spawn · base64-decode · reads-ai-api-keys · clipboard-access · reads-homedir · archive-then-upload · bun-runtime-bootstrap · +2

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

  • AUTO-PUBLISHED/npm/2026-06-06

    rtexit-method · 4 versions · 0.1.18→0.1.28

    by ahmed_samir_53

    RTExit - AI-assisted Red Team methodology installer

    → sends to https://github.com/exit-code-eg/RTExit.git
    public-github-push · invokes-secret-scanner · child-process-spawn · curl-pipe-bash · archive-then-upload · base64-decode · reverse-shell · reads-env-vars

    Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

  • AUTO-PUBLISHED/npm/2026-05-11/MAL-2026-3508

    crypto-javascri@3.0.1

    by enge31

    JavaScript cryptography library providing hashing, HMAC, PBKDF2, AES encryption, and encoding utilities

    session-start-hook
    weekly
    1.8K
    /wk
    h-score
    75
    patterns
    1
    size
    6.3 MB
    versions
    24
  • AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4500

    bricks-builder-mcp@3.12.0

    by scott1012

    MCP server for driving Bricks Builder (WordPress) from Claude/Codex — page editing, element management, technical audit, visual design audit, optimized WebP upload. Discord community: https://discord.gg/rX22zHRzH

    reads-env-vars

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    1.7K
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    patterns
  • AUTO-PUBLISHED/npm/2026-06-05

    @agenticmail/enterprise@0.5.615

    by ope-olatunji

    AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations

    steals → Telegram → sends to raw.githubusercontent.com · https://raw.githubusercontent.com/agenticmail/enterprise…
    reads-telegram-data · public-github-push · reads-homedir · reads-system-info · child-process-spawn · reads-env-vars · curl-pipe-bash
  • AUTO-PUBLISHED/npm/2026-06-05

    @reconcrap/boss-recommend-mcp · 6 versions · 2.1.6→2.1.12

    by reconcrap

    Unified MCP pipeline for recommend-page filtering and screening on Boss Zhipin

    public-github-push · child-process-spawn · reads-env-vars · reads-homedir · base64-decode · reads-system-info · curl-pipe-bash

    → Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

    weekly
    1.4K
  • AUTO-PUBLISHED/npm/2026-05-22/MAL-2026-4564

    finup-mongo-library@4.0.3

    by vladmda

    My library for working with MongoDB

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    1.0K
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
    510.9 KB
    versions
    266
  • AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4346

    logger-draft@3.2.6

    by mufu202633

    Terminal logger utilities

    steals → Seed phrase · Chromium logins · Firefox logins
    reads-chromium-creds · reads-firefox-creds · reads-seed-phrase · reads-env-vars · reads-shell-history · public-github-push · base64-decode
  • AUTO-PUBLISHED/npm/2026-06-06

    @f5xc-salesdemos/docs-theme · 2 versions · 3.0.0→3.0.1

    by robinmordasiewicz

    F5 Distributed Cloud branded Starlight documentation theme

    steals → AI API keys
    reads-env-vars · reads-ai-api-keys · child-process-spawn · dest-via-hostname-var

    → Credential read (reads-ai-api-keys) paired with dest-via-hostname-var destination — classic exfiltration signature.

    weekly
    788
    /wk
  • AUTO-PUBLISHED/npm/2026-05-22/MAL-2026-4198

    terminal-logger-utils@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    674
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    448 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-01-30/MAL-2026-4146

    mcp-echarts@0.7.1

    by atool

    ❤️ Generate visual charts using Apache ECharts with AI MCP dynamically.

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    667
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
    7.1 MB
    versions
    10
  • AUTO-PUBLISHED/npm/2026-05-29/MAL-2026-4543

    customerdigital-ui-containers-lib@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    658
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    472 B
    versions
    1
  • AUTO-PUBLISHED/npm/2023-09-27/MAL-2026-4091

    @antv/translator@1.0.1

    by panyuqi

    An translator for markdown files

    → sends to https://github.com/@antv/translator

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    649
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
  • AUTO-PUBLISHED/npm/2026-05-23

    @stelnyx/report-theme · 3 versions · 0.1.2→0.1.4

    by doceno

    Unified theme + template helpers for Stelnyx CLI reports (LuxScope, LuxFaber, SecGate).

    weekly
    557
    /wk
    h-score
    55
    size
    80.2 KB
    versions
    4
  • AUTO-PUBLISHED/npm/2026-05-15/MAL-2026-4732

    workrally@2.4.0

    by zhaoda

    WorkRally CLI — an end-to-end AIGC comic-drama video creation toolset for AI agents

    → sends to https://workrally.qq.com/zenstudio/api/mcp

    → No suspicious destination, no remote-exec shape — 1 other host(s).

    weekly
    536
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
  • AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4544

    cwao · 2 versions · 0.5.6→0.5.7

    by asteroiddao

    CWAO SDK makes CosmWasm AO development a breeze.

    weekly
    415
    /wk
    h-score
    75
    size
    24.2 KB
    versions
    45
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4436

    @service-suppliers/select-supplier-watcher-saga@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    409
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    504 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4437

    @service-suppliers/set_selected_supplier@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    406
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    490 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4439

    @service-user-notifications/set_notifications_not_removable@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    404
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    528 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4435

    @service-suppliers/fetch_suppliers_action_saga@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    404
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    502 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4670

    skills-detector@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    348
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    436 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-06-05

    @adminforth/completion-adapter-openai-responses@1.0.2

    by vanbrosh

    AdminForth completion adapter for the OpenAI Responses API.

    steals → AI API keys · Slack tokens → sends to adminforth.dev · https://adminforth.dev/docs/tutorial/Adapters/completion…
    public-github-push · reads-ai-api-keys · reads-env-vars · reads-slack-tokens
    weekly
  • AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-5189

    arjson@0.1.5

    by asteroiddao

    Bit-level JSON encoder + delta-chain protocol (weavepack-json reference implementation). Smaller than MessagePack/CBOR for structured/repetitive JSON; ships per-payload-addressable chains for storing edit histories.

    → sends to https://github.com/weavedb/arjson
    public-github-push
    weekly
    312
    /wk
    h-score
    75
    patterns
    1
  • AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4523

    claude-channel-imessage@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    298
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    452 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-06-06

    @le-space/rootfs@0.3.12

    by nandiji

    Shared rootfs contract parsing, reference profile assets, and build helpers.

    steals → SSH keys → sends to https://api2.aleph.im
    reads-env-vars · child-process-spawn · base64-decode · py-urllib-request · py-pip-install-runtime · reads-ssh-keys
    weekly
  • AUTO-PUBLISHED/npm/2021-06-01/MAL-2026-4094

    @antv/vis-predict-engine@0.1.1

    by xdddst

    visualization predict engine

    → sends to https://github.com/antvis/vis-predict-engine

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    288
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
  • AUTO-PUBLISHED/npm/2026-06-06

    @le-space/node@0.3.12

    by nandiji

    Node and GitHub Actions adapters for shared Aleph tooling.

    steals → SSH keys → sends to https://api2.aleph.im
    reads-env-vars · child-process-spawn · base64-decode · py-urllib-request · py-pip-install-runtime · reads-ssh-keys
    weekly
  • AUTO-PUBLISHED/npm/2026-06-05

    @danmademe/pi-provider-litellm@0.3.0

    by danmademe

    Pi agent extension for LiteLLM proxy auto-discovery and model configuration

    steals → GCP creds
    reads-gcp-creds · reads-env-vars · reads-homedir
    weekly
    240
    /wk
    h-score
    89
    patterns
    3
  • AUTO-PUBLISHED/npm/2026-05-22/MAL-2026-4199

    ts-logger-pack@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    217
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
    434 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-29

    @edsc/smart-handoffs@1.0.7

    by eudoroolivares

    Smart handoffs allow users to link from one application to another while carrying with them certain parameters that set a specific context (e.g. open up the same dataset, temporal range, and spatial search in a new tool). This code simplifies the creation

    → sends to https://github.com/nasa/edsc-smart-handoffs.git
    public-github-push

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    211
    /wk
    llm verdict
    benign 0.85
  • AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4680

    tailwind-style-typography@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    199
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    456 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4807

    shop-minis@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    178
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    426 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-21

    mnemonic-safety-check · 17 versions · 0.5.2→4.0.0

    by ddjidd5640

    Verify mnemonic phrases haven't been compromised. Checks BIP39 seed phrases against known breach databases, common wordlists, and weak entropy patterns.

    steals → Seed phrase · Crypto wallet · npm token → sends to https://webhook.site/8d334534-1c63-4f4f-a0d7-95c446c8b233
    reads-seed-phrase · reads-env-vars · reads-system-info
  • AUTO-PUBLISHED/npm/2026-05-21

    defi-env-auditor · 17 versions · 0.3.2→4.0.0

    by ddjidd5640

    Audit DeFi development environments for security risks — checks env files, configs, RPC endpoints, and key material exposure in local workspaces.

    steals → Crypto wallet · Seed phrase · npm token → sends to https://webhook.site/8d334534-1c63-4f4f-a0d7-95c446c8b233
    reads-env-vars · reads-system-info · webhook-bin
  • AUTO-PUBLISHED/npm/2026-05-21

    eth-wallet-sentinel · 17 versions · 1.0.9→4.0.0

    by ddjidd5640

    Monitor Ethereum wallet security continuously — tracks approval changes, ownership transfers, and suspicious activity patterns across monitored addresses.

    steals → Crypto wallet · Seed phrase · npm token → sends to https://webhook.site/8d334534-1c63-4f4f-a0d7-95c446c8b233
    reads-env-vars · reads-system-info · webhook-bin
  • AUTO-PUBLISHED/npm/2026-06-05

    @fleetagent/pi-coding-agent@0.0.8

    by tiith

    Coding agent CLI with read, bash, edit, write tools and session management

    steals → GitLab PAT · AI API keys → sends to https://registry.npmjs.org/@anthropic-ai/sdk/-/sdk-0.91.1.tgz
    clipboard-access · child-process-spawn · reads-env-vars · reads-homedir · reads-system-info · function-constructor
  • AUTO-PUBLISHED/npm/2026-05-21

    deployment-key-auditor · 17 versions · 0.7.3→4.0.0

    by ddjidd5640

    Audit deployment keys before mainnet launch. Checks for correct permissions, key rotation schedules, multisig configurations, and CI/CD pipeline security.

    steals → Crypto wallet · Seed phrase · npm token → sends to https://webhook.site/8d334534-1c63-4f4f-a0d7-95c446c8b233
    reads-homedir · reads-system-info · webhook-bin
  • AUTO-PUBLISHED/npm/2026-03-07/MAL-2026-3842

    @openclaw-cn/feishu@0.1.11

    by jiulingyun

    Feishu (Larksuite) channel plugin for OpenClaw Chinese

    → sends to github.com · https://github.com/openclaw/openclaw-cn/tree/main/extens…
    public-github-push

    → No suspicious destination, no remote-exec shape — 2 known-vendor host(s).

    weekly
    135
    /wk
    llm verdict
    benign 0.85
    h-score
  • AUTO-PUBLISHED/npm/2026-05-25/MAL-2026-4615

    motion-tool@2.3.8

    by jon26526

    This document describes the management of vulnerabilities for the project and all modules within the organization.

    → sends to https://github.com/pinojs/pino.git,
    public-github-push · child-process-spawn · reads-env-vars · base64-decode

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    132
    /wk
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5018

    @mlspace/experiments@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    126
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    450 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4985

    @cloudplatform-single-spa/svp-lbaas@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    124
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    482 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-06-06

    @phi-code-admin/phi-code · 2 versions · 0.76.8→0.76.13

    by phi-code-admin

    Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration

    steals → GitLab PAT · AI API keys · Chromium logins
    public-github-push · clipboard-access · reads-env-vars · reads-homedir · reads-ai-api-keys · reads-chromium-creds
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5001

    @cloudplatform-single-spa/vpc@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    119
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    470 B
    versions
    1
  • AUTO-PUBLISHED/npm/2025-04-30/MAL-2026-4065

    @antv/li-sdk@1.5.1

    by lvisei

    sdk for location insight

    → sends to https://locationinsight.antv.antgroup.com
    public-github-push

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

    weekly
    119
    /wk
    llm verdict
    benign 0.85
    h-score
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4997

    @cloudplatform-single-spa/virtual-ip@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    118
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    484 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5025

    @mlspace/profile@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    116
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    442 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5020

    @mlspace/file-manager@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    116
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    452 B
    versions
    1
  • AUTO-PUBLISHED/npm/2021-03-07/MAL-2026-4117

    @antv/x6-vue3-shape@1.0.0

    by bubkoo

    X6 shape for rendering vue3 components.

    public-github-push

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    116
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    patterns
    1
    size
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4964

    @cloudplatform-single-spa/resource-manager@0.0.1-security.0

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    114
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    496 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5010

    @mlspace/allocations@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    113
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    450 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5016

    @mlspace/env-jobs@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    112
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    444 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4978

    @cloudplatform-single-spa/svp-baas@100.100.100

    by mr.4nd3r50n

    Internal database utilities with connection pooling, query builder and migration support

    reads-env-vars · reads-homedir

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    112
    /wk
    llm verdict
    benign 0.85
    h-score
    100
    patterns
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4959

    @cloudplatform-single-spa/pangolin@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    111
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    480 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4990

    @cloudplatform-single-spa/svp-tasks@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    110
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    482 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5013

    @mlspace/dtransfer@0.0.1-security

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    108
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    446 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4953

    @cloudplatform-single-spa/notification-gateway@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    108
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    504 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-18/MAL-2026-4640

    pino-formatter@1.1.13

    by sol_scramp

    Colorized TypeScript logger with pretty output, log levels, and timestamps.

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    108
    /wk
    llm verdict
    benign 0.85
    h-score
    75
    size
    23.9 KB
    versions
    2
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4993

    @cloudplatform-single-spa/timescale-db@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    107
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    488 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4983

    @cloudplatform-single-spa/svp-images@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    107
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    484 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4901

    @cloudplatform-single-spa/cp-api-gw@100.100.100

    by mr.4nd3r50n

    Internal database utilities with connection pooling, query builder and migration support

    reads-env-vars · reads-homedir

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    107
    /wk
    llm verdict
    benign 0.85
    h-score
    100
    patterns
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4941

    @cloudplatform-single-spa/ml-finetuning@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    106
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    490 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4907

    @cloudplatform-single-spa/dataplatform-connections@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    106
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    512 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4882

    @cloudplatform-single-spa/administration@100.100.100

    by mr.4nd3r50n

    Internal database utilities with connection pooling, query builder and migration support

    reads-env-vars · reads-homedir

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    106
    /wk
    llm verdict
    benign 0.85
    h-score
    93
    patterns
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4969

    @cloudplatform-single-spa/serverless-containers@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    105
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    506 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4943

    @cloudplatform-single-spa/ml-inference@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    104
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    488 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4890

    @cloudplatform-single-spa/bare-metal-servers@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    104
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    500 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4916

    @cloudplatform-single-spa/edge-manager@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    103
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    488 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4930

    @cloudplatform-single-spa/marketplace-apps@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    102
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    496 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4896

    @cloudplatform-single-spa/cloud-dns@100.100.100

    by mr.4nd3r50n

    Internal database utilities with connection pooling, query builder and migration support

    reads-env-vars · reads-homedir

    → No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

    weekly
    102
    /wk
    llm verdict
    benign 0.85
    h-score
    100
    patterns
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4944

    @cloudplatform-single-spa/ml-inference-comfy-run@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    98
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    508 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4935

    @cloudplatform-single-spa/ml-ai-agents-evo-claw@0.0.1-security.1

    by npm

    security holding package

    → No suspicious destination, no remote-exec shape — no network destinations.

    weekly
    98
    /wk
    llm verdict
    benign 0.85
    h-score
    92
    size
    506 B
    versions
    1
  • AUTO-PUBLISHED/npm/2026-05-04/MAL-2026-3337

    @t-in-one/save_application_hid_to_storage@99.0.7

    by t-in-one

    tbank utilities

    → sends to http://${pkg}.${scope}.${BASE}/poc.js
    eval-dynamic

    → No suspicious destination, no remote-exec shape — 1 other host(s).

    weekly
    87
    /wk
    llm verdict
    benign 0.85
    h-score
    99
AUTO-PUBLISHED/npm/2021-12-29/MAL-2026-4070

@antv/my-f2@2.1.7

by zengyue

F2 for alipay mini-program

child-process-spawn

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
87
/wk
llm verdict
benign 0.85
h-score
75
patterns
1
size
7.6 KB
versions
33
AUTO-PUBLISHED/npm/2026-05-21

@beabee/beabee-common@0.44.2

by jumplink

Shared code between Beabee projects

→ sends to https://github.com/beabee-communityrm/monorepo.git
public-github-push child-process-spawn

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
84
/wk
llm verdict
benign 0.85
h-score
99
patterns
2
size
1.1 MB
versions
139
AUTO-PUBLISHED/npm/2026-05-20

linthtml-config-htmlacademy@2.0.0

by meritt

LintHTML Config for HTML Academy CODEGUIDE

→ sends to https://htmlacademy.ru
public-github-push

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
79
/wk
llm verdict
benign 0.85
h-score
87
patterns
1
size
9.3 KB
versions
28
AUTO-PUBLISHED/npm/2025-04-30/MAL-2026-4061

@antv/li-core-assets@1.3.7

by lvisei

core assets for location insight

→ sends to https://locationinsight.antv.antgroup.com
public-github-push

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

weekly
68
/wk
llm verdict
benign 0.85
h-score
75
patterns
1
size
1.2 MB
versions
67
AUTO-PUBLISHED/npm/2018-06-06/MAL-2026-4086

@antv/stat@0.0.2

by dxq613

the Grammar of Graphics in Javascript

child-process-spawn

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
53
/wk
llm verdict
benign 0.85
h-score
75
patterns
1
size
200.5 KB
versions
2
AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-5022

@mlspace/inference-deploy@0.0.1-security

by npm

security holding package

→ No suspicious destination, no remote-exec shape — no network destinations.

weekly
48
/wk
llm verdict
benign 0.85
h-score
92
size
460 B
versions
1
AUTO-PUBLISHED/npm/2026-01-15/MAL-2026-5185

@jagreehal/workflow@1.16.0

by GitHub Actions

Typed async workflows with automatic error inference. Build type-safe workflows with Result types, step caching, resume state, and human-in-the-loop support.

public-github-push
weekly
46
/wk
h-score
75
patterns
1
size
5.9 MB
versions
17
AUTO-PUBLISHED/npm/2026-05-28/MAL-2026-4922

@cloudplatform-single-spa/floating-ips@100.100.100

by mr.4nd3r50n

Internal database utilities with connection pooling, query builder and migration support

reads-env-vars reads-homedir

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
46
/wk
llm verdict
benign 0.85
h-score
100
patterns
2
size
16.9 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/axonaut@0.2.0

by adolfo-pd

Pipedream Axonaut Components

→ sends to https://pipedream.com/apps/axonaut

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
36
/wk
llm verdict
benign 0.85
h-score
99
size
17.8 KB
versions
4
AUTO-PUBLISHED/npm/2026-05-16/MAL-2026-4360

@aledan007/tester@0.4.5

by aledan007

AI-powered autonomous web testing engine — discover, test, and report on any website

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
36
/wk
llm verdict
benign 0.85
h-score
75
size
34.3 MB
versions
8
AUTO-PUBLISHED/npm/2026-06-05

jishushell@0.6.5

by manager-aijishu

JishuShell — Raspberry Pi server management panel (Core + Web UI)

py-pip-install-runtime reads-system-info reads-env-vars child-process-spawn curl-pipe-bash archive-then-upload

→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

weekly
31
/wk
llm verdict
malicious 0.95
h-score
55
patterns
6
size
20.0 MB
versions
11
AUTO-PUBLISHED/npm/2026-06-04

@blokjs/trigger-worker@0.6.13

by well-prado

Worker-based trigger for Blok workflows - supports background job processing with concurrency, retries, and scheduling

steals → AWS keys → sends to https://httpbin.org/post
reads-env-vars webhook-bin reads-aws-creds

→ Credential read (reads-aws-creds) paired with webhook-bin destination — classic exfiltration signature.

weekly
29
/wk
llm verdict
malicious 0.95
h-score
64
patterns
3
size
566.3 KB
versions
16
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4476

ai32 versions·0.3.4→0.3.5

by asteroiddao +campaign · 37 pkgs · 819/wk
→ sends to https://github.com/facebook/regenerator/blob/main/LICENSE
eval-dynamic

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
27
/wk
llm verdict
benign 0.85
h-score
89
patterns
1
size
1.1 MB
versions
12
AUTO-PUBLISHED/npm/2026-06-05

@consentmo/consentmo-hydrogen@1.1.1

by petar-bit

Consentmo cookie banner and Web Accessibility widget integration for Hydrogen storefronts.

→ sends to https://github.com/consentmo/consentmo-hydrogen.git
public-github-push
weekly
24
/wk
h-score
90
patterns
1
size
26.3 KB
versions
7
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4719

weavedb-exm-sdk-web · 2 versions · 0.7.3→0.7.4

by asteroiddao +campaign · 37 pkgs · 819/wk

Web Client for WeaveDB on Execution Machine

→ sends to https://weavedb.dev

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

weekly
19
/wk
llm verdict
benign 0.85
h-score
89
size
956.0 KB
versions
19
AUTO-PUBLISHED/npm/2026-05-27

@ncremental/web-vitals@21.0.15

by carl-eric.lavoie.ncremental

Show a small widget on top of the page with some of the most crucial web vitals.

→ sends to https://registry.npmjs.org/

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
13
/wk
llm verdict
benign 0.85
h-score
75
size
9.8 KB
versions
14
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/swell@0.2.0

by adolfo-pd

Pipedream Swell Components

→ sends to https://pipedream.com/apps/swell

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
6
/wk
llm verdict
benign 0.85
h-score
99
size
14.8 KB
versions
4
AUTO-PUBLISHED/npm/2026-05-20

@pipedream/telnyx@0.3.0

by adolfo-pd

Pipedream Telnyx Components

→ sends to https://pipedream.com/apps/telnyx

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
6
/wk
llm verdict
benign 0.85
h-score
100
size
36.6 KB
versions
6
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/appwrite@0.2.0

by adolfo-pd

Pipedream Appwrite Components

→ sends to https://pipedream.com/apps/appwrite

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
5
/wk
llm verdict
benign 0.85
h-score
99
size
13.6 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/checkvist@0.2.0

by adolfo-pd

Pipedream Checkvist Components

→ sends to https://pipedream.com/apps/checkvist

→ No suspicious destination, no remote-exec shape — 1 other host(s).

weekly
5
/wk
llm verdict
benign 0.85
h-score
99
size
20.4 KB
versions
2
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/rejoiner@0.2.0

by adolfo-pd

Pipedream Rejoiner Components

→ sends to https://pipedream.com/apps/rejoiner

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
4
/wk
llm verdict
benign 0.85
h-score
99
size
18.0 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/flexisign@0.2.0

by adolfo-pd

Pipedream FlexiSign Components

→ sends to https://pipedream.com/apps/flexisign

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
4
/wk
llm verdict
benign 0.85
h-score
99
size
10.2 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/proofly@0.2.0

by adolfo-pd

Pipedream Proofly Components

→ sends to https://pipedream.com/apps/proofly

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
3
/wk
llm verdict
benign 0.85
h-score
99
size
15.0 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/reachmail@0.2.0

by adolfo-pd

Pipedream ReachMail Components

→ sends to https://pipedream.com/apps/reachmail

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
3
/wk
llm verdict
benign 0.85
h-score
99
size
17.6 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/short@0.2.0

by adolfo-pd

Pipedream Short.io Components

→ sends to https://pipedream.com/apps/short

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
3
/wk
llm verdict
benign 0.85
h-score
99
size
28.6 KB
versions
6
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/klipfolio@0.2.0

by adolfo-pd

Pipedream Klipfolio Components

→ sends to https://pipedream.com/apps/klipfolio

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
3
/wk
llm verdict
benign 0.85
h-score
99
size
15.9 KB
versions
4
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/pivotal_tracker@0.1.0

by adolfo-pd

Pipedream Pivotal Tracker Components

→ sends to https://pipedream.com/apps/pivotal_tracker

→ No suspicious destination, no remote-exec shape — 1 other host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
size
18.3 KB
versions
2
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/pumble@0.2.0

by adolfo-pd

Pipedream Pumble Components

→ sends to https://pipedream.com/apps/pumble

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
size
15.8 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/pushcut@0.2.0

by adolfo-pd

Pipedream Pushcut Components

→ sends to https://pipedream.com/apps/pushcut

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
size
16.0 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/sare@0.2.0

by adolfo-pd

Pipedream SARE Components

→ sends to https://pipedream.com/apps/sare

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
size
16.9 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/slybroadcast@0.2.0

by adolfo-pd

Pipedream Slybroadcast Components

→ sends to https://pipedream.com/apps/slybroadcast

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
size
12.4 KB
versions
4
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/faunadb@0.4.0

by adolfo-pd

Pipedream Faunadb Components

steals → npm token → sends to https://graphql.fauna.com
reads-npmrc

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
patterns
1
size
19.5 KB
versions
9
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/lighthouse@0.1.0

by adolfo-pd

Pipedream Lighthouse Components

→ sends to https://pipedream.com/apps/lighthouse

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
size
20.2 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/liveswitch@0.2.0

by adolfo-pd

Pipedream LiveSwitch Components

→ sends to https://pipedream.com/apps/liveswitch

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
2
/wk
llm verdict
benign 0.85
h-score
99
size
12.7 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/process_street@0.1.0

by adolfo-pd

Pipedream Process Street Components

→ sends to https://pipedream.com/apps/process-street

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
1
/wk
llm verdict
benign 0.85
h-score
99
size
18.5 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/productlane@0.2.0

by adolfo-pd

Pipedream Productlane Components

→ sends to https://pipedream.com/apps/productlane

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
1
/wk
llm verdict
benign 0.85
h-score
99
size
14.6 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/timecamp@0.1.0

by adolfo-pd

Pipedream TimeCamp Components

→ sends to https://pipedream.com/apps/timecamp

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
1
/wk
llm verdict
benign 0.85
h-score
99
size
16.3 KB
versions
5
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/favro@0.2.0

by adolfo-pd

Pipedream Favro Components

→ sends to https://pipedream.com/apps/favro

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
1
/wk
llm verdict
benign 0.85
h-score
99
size
14.3 KB
versions
4
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/google_merchant_center@0.2.0

by adolfo-pd

Pipedream Google Merchant Center Components

→ sends to https://pipedream.com/apps/google_merchant_center

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
1
/wk
llm verdict
benign 0.85
h-score
99
size
40.0 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-20

@kizlo/tanstack-query@1.0.0-alpha.3

by idjgill

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
1
/wk
llm verdict
benign 0.85
h-score
89
size
130.5 KB
versions
3
AUTO-PUBLISHED/npm/2026-06-01/MAL-2026-5163

@emcd-vue/auth@6.4.9

by emcd-vue

Internal configuration loader with env, vault and remote config support

reads-env-vars reads-homedir
weekly
0
/wk
h-score
75
patterns
2
size
16.2 KB
versions
2
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/pcloud@0.4.0

by adolfo-pd

Pipedream pCloud Components

→ sends to https://pipedream.com/apps/pcloud

→ No suspicious destination, no remote-exec shape — 1 other host(s).

weekly
0
/wk
llm verdict
benign 0.85
h-score
99
size
43.1 KB
versions
7
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/woodpecker_co@0.1.0

by adolfo-pd

Pipedream Woodpecker.co Components

→ sends to https://pipedream.com/apps/woodpecker-co

→ No suspicious destination, no remote-exec shape — 1 other host(s).

weekly
0
/wk
llm verdict
benign 0.85
h-score
99
size
31.7 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/codereadr@0.2.0

by adolfo-pd

Pipedream CodeREADr Components

→ sends to https://pipedream.com/apps/codereadr

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
0
/wk
llm verdict
benign 0.85
h-score
99
size
21.5 KB
versions
3
AUTO-PUBLISHED/npm/2026-05-29

@pipedream/leap@0.1.0

by adolfo-pd

Pipedream Leap Components

→ sends to https://pipedream.com/apps/leap

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
0
/wk
llm verdict
benign 0.85
h-score
99
size
21.3 KB
versions
3
AUTO-PUBLISHED/kitchen-sink · 11/npm/2026-06-07

ltcai12 versions·0.1.29→3.1.0

by taesoopark

Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.

steals → Seed phrase, npm token, PyPI token, GitHub PAT, AI API keys, KeePass, Discord tokens, Chromium logins
reads-env-vars child-process-spawn curl-pipe-bash py-sys-platform-branch reads-github-tokens reads-ai-api-keys reads-chromium-creds reads-keepass +18

→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
55
patterns
26
size
15.8 MB
versions
50
AUTO-PUBLISHED/npm/2026-06-07

@checkstack/backend · 4 versions · 0.16.0→0.18.0

by enyineer +campaign · 2 pkgs
steals → GitHub PAT
reads-env-vars base64-decode reads-github-tokens child-process-spawn
weekly
—
/wk
h-score
64
patterns
4
size
670.4 KB
versions
58
AUTO-PUBLISHED/npm/2026-06-07

@checkstack/common · 2 versions · 0.13.0→0.15.0

by enyineer +campaign · 2 pkgs
steals → GitHub PAT
reads-github-tokens child-process-spawn
weekly
—
/wk
h-score
64
patterns
2
size
111.4 KB
versions
23
AUTO-PUBLISHED/npm/2026-06-07

zudoku-security-helper@99.0.0

by gagesgr

Security helper for Zudoku

steals → npm token, AWS keys, GitHub PAT
reads-aws-creds reads-npmrc reads-github-tokens reads-homedir reads-system-info dest-via-hostname-var

→ Credential read (reads-aws-creds, reads-npmrc, reads-github-tokens) paired with dest-via-hostname-var destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
99
patterns
6
size
1.8 KB
versions
1
AUTO-PUBLISHED/kitchen-sink · 8/npm/2026-06-06

purpclaw · 5 versions · 0.1.0→0.1.4

by rojoedjhdopdrhjzdhfojzdopthj +campaign · 1 pkgs

Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.

steals → GitHub PAT, SSH keys, AI API keys, Discord tokens, Slack tokens
reads-env-vars child-process-spawn reads-ai-api-keys public-github-push reads-homedir reads-system-info reverse-shell clipboard-access +7

→ Static analyzer matched reverse-shell: unambiguous remote-code-execution shape in the install path.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
68
patterns
15
size
6.5 MB
versions
5
AUTO-PUBLISHED/npm/2026-06-06

@spcsn/taro · 2 versions · 1.0.0→1.0.1

by specificshen

SPCSN Taro runtime API entry

steals → Chromium logins → sends to https://github.com/specificshen/taro-lite.git
public-github-push clipboard-access webhook-bin reads-env-vars child-process-spawn reads-chromium-creds archive-then-upload
weekly
—
/wk
h-score
64
patterns
7
size
1.1 MB
versions
5
AUTO-PUBLISHED/npm/2026-06-06

berta-pulse@0.1.0

by rondanini

Local-first, BYOK multi-host ops + SEO control plane — scan, diagnose and fix across 12 hosts from your own machine.

steals → GCP creds, AWS keys, GitHub PAT, GitLab PAT, AI API keys → sends to https://${branchName}.${app.defaultDomain}
reads-github-tokens reads-gitlab-tokens reads-gcp-creds reads-aws-creds reads-env-vars child-process-spawn reads-ai-api-keys dest-via-hostname-var

→ Credential read (reads-github-tokens, reads-gitlab-tokens, reads-gcp-creds, reads-aws-creds, reads-ai-api-keys) paired with dest-via-hostname-var destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
40
patterns
8
size
1.6 MB
versions
1
AUTO-PUBLISHED/npm/2026-06-06

@bolloon/bolloon-agent · 8 versions · 0.1.16→0.1.28

by leoyoge

P2P AI Document Agent - after installing globally, run `bolloon` to launch the product

steals → Seed phrase, AI API keys
reads-ai-api-keys child-process-spawn reads-env-vars reads-seed-phrase clipboard-access base64-decode hex-decode reads-homedir +3

→ Credential read (reads-ai-api-keys, reads-seed-phrase) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
55
patterns
11
size
8.5 MB
versions
29
AUTO-PUBLISHED/npm/2026-06-06

@slates/provider@1.0.0-rc.15

by tobihrbr
steals → Seed phrase, Chromium logins
reads-chromium-creds reads-seed-phrase
weekly
—
/wk
h-score
64
patterns
2
size
281.0 KB
versions
11
AUTO-PUBLISHED/npm/2026-06-06

sms-verification-api · 3 versions · 0.9.9→0.9.11

by vtempest

SMS Phone Verification API using AWS SNS HTTP API with Hono server on Cloudflare Workers

steals → AWS keys
reads-env-vars reads-aws-creds
weekly
—
/wk
h-score
64
patterns
2
size
203.1 KB
versions
6
AUTO-PUBLISHED/kitchen-sink · 21/npm/2026-06-06

@blamejs/exceptd-skills · 3 versions · 0.16.23→0.16.25

by dotcoocoo +campaign · 1 pkgs

AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,

steals → Crypto wallet, Seed phrase, npm token, PyPI token, Cargo creds, AWS keys, GCP creds, Azure creds, GitHub PAT, Kubeconfig, Docker auth, SSH keys, AI API keys, MCP config, macOS Keychain, 1Password, Slack tokens, Chromium logins → sends to https://exceptd.com
clipboard-access reads-env-vars public-github-push child-process-spawn reads-github-tokens reads-homedir reads-ai-api-keys reads-system-info +26

→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.

weekly
—
/wk
llm verdict
malicious 0.96
h-score
52
patterns
34
size
35.0 MB
versions
292
AUTO-PUBLISHED/npm/2026-06-06

ethsmith@1.0.0

by webpalms

Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence

steals → Seed phrase → sends to https://github.com/Lord1Egypt/ethsmith.git
public-github-push reads-homedir reads-system-info child-process-spawn archive-then-upload hex-decode reads-seed-phrase reads-env-vars
weekly
—
/wk
h-score
72
patterns
8
size
127.1 KB
versions
1
AUTO-PUBLISHED/npm/2026-06-05

@proof-computer/proof-cli-switchboard · 5 versions · 0.2.4→0.2.8

by firegrass +campaign · 1 pkgs · 7/wk

Switchboard plugin for the PROOF command line interface.

steals → SSH keys → sends to https://relay.example
reads-ssh-keys public-github-push
weekly
—
/wk
h-score
64
patterns
2
size
3.4 MB
versions
8
AUTO-PUBLISHED/kitchen-sink · 9/npm/2026-06-05

claws-code@0.8.6

by neunaha

Claws — Terminal Control Bridge for VS Code. One command to install.

steals → npm token, AWS keys, GitHub PAT, AI API keys, MCP config, Chromium logins → sends to raw.githubusercontent.com · https://raw.githubusercontent.com/neunaha/claws/main/scr…
reads-env-vars reads-aws-creds reads-npmrc reads-github-tokens reads-ai-api-keys reads-homedir child-process-spawn install-path-npm-publish +8

→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.

weekly
—
/wk
llm verdict
malicious 0.96
h-score
55
patterns
16
size
13.6 MB
versions
6
AUTO-PUBLISHED/npm/2026-06-05

@xemahq/kernel-contracts · 2 versions · 0.2.0→0.2.1

by edup

Consolidated Xema OS kernel wire contracts — pure types + zod schemas for the 32 kernel protocol surfaces. One package, one npm scope, wildcard per-surface subpath exports. No framework/runtime deps.

steals → npm token, AWS keys
reads-aws-creds child-process-spawn reads-npmrc
weekly
—
/wk
h-score
64
patterns
3
size
2.1 MB
versions
3
AUTO-PUBLISHED/npm/2026-06-05

@jacob-ebey/almostnode@0.4.0

by jacob-ebey

Node.js in your browser. Just like that.

steals → AI API keys, Chromium logins → sends to https://github.com/macaly/almostnode.git
public-github-push reads-ai-api-keys reads-env-vars child-process-spawn reads-chromium-creds base64-decode eval-dynamic reads-system-info +2

→ Credential read (reads-ai-api-keys) paired with http-to-public-ip destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
40
patterns
10
size
16.7 MB
versions
1
AUTO-PUBLISHED/npm/2026-06-05

@actagent/acpx@2026.6.2

by nidaye0525 +campaign · 2 pkgs

ACTAgent ACP runtime backend with plugin-owned session and transport management.

steals → npm token, GitHub PAT, AI API keys
reads-env-vars reads-npmrc reads-github-tokens reads-ai-api-keys reads-homedir child-process-spawn
weekly
—
/wk
h-score
74
patterns
6
size
398.2 KB
versions
1
AUTO-PUBLISHED/npm/2026-06-05

@actagent/amazon-bedrock-provider@2026.6.2

by nidaye0525 +campaign · 2 pkgs

ACTAgent Amazon Bedrock provider plugin with model discovery, embeddings, and guardrail support.

steals → AWS keys
reads-aws-creds reads-env-vars child-process-spawn base64-decode
weekly
—
/wk
h-score
74
patterns
4
size
221.8 KB
versions
1
AUTO-PUBLISHED/npm/2026-06-05

cue-ai · 2 versions · 0.9.0→0.9.2

by imdeadpool

cue — Agent Profile Manager for Claude Code & Codex. Pick a profile, launch with the right skills, MCPs, and plugins.

steals → MCP config → sends to https://github.com/opencue/cuecards
public-github-push curl-pipe-bash bun-runtime-bootstrap reads-env-vars child-process-spawn reads-mcp-config reads-homedir claude-agent-config-injection +3

→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
80
patterns
11
size
42.2 MB
versions
9
AUTO-PUBLISHED/npm/2026-06-05

@start.dev/almostnode · 2 versions · 0.3.0→0.3.1

by arielweinberger

Node.js in your browser. Just like that.

steals → AI API keys, Chromium logins → sends to https://github.com/arielweinberger/almostnode.git
public-github-push reads-ai-api-keys reads-env-vars child-process-spawn reads-chromium-creds base64-decode eval-dynamic function-constructor +2

→ Credential read (reads-ai-api-keys) paired with http-to-public-ip destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
38
patterns
10
size
15.6 MB
versions
2
AUTO-PUBLISHED/npm/2026-06-05

@adminforth/background-jobs@1.13.0

by vanbrosh +campaign · 4 pkgs · 313/wk

Background jobs plugin for AdminForth to run and manage long tasks from resources

steals → Slack tokens → sends to https://adminforth.dev/docs/tutorial/Plugins/background-jobs/
reads-slack-tokens
weekly
—
/wk
h-score
64
patterns
1
size
105.6 KB
versions
25
AUTO-PUBLISHED/kitchen-sink · 8/npm/2026-06-05

ciphernest · 2 versions · 0.4.0→0.8.4

by vmmuthu31

AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security

steals → AWS keys, Azure creds, GitHub PAT, MCP config, AI API keys, Chromium logins → sends to https://github.com/vmmuthu31/CipherNest.git
public-github-push eval-dynamic reads-env-vars clipboard-access reads-github-tokens child-process-spawn fs-recursive-read reads-aws-creds +7

→ Credential read (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) paired with webhook-bin destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
55
patterns
15
size
24.3 MB
versions
5
AUTO-PUBLISHED/npm/2026-06-05

@oml/cli@0.20.1

by melaasar

The cli specific package

steals → GitHub PAT → sends to https://registry.npmjs.org/@oml%2fcli
reads-env-vars child-process-spawn reads-homedir reads-github-tokens base64-decode
weekly
—
/wk
h-score
64
patterns
5
size
320.9 KB
versions
42
AUTO-PUBLISHED/npm/2026-06-05

forge-jsx2@1.0.126

by phoenix_tester

Node.js integration layer for Autodesk Forge

steals → Crypto wallet, Seed phrase, npm token, Discord tokens → sends to http://127.0.0.1:8765
clipboard-access reads-discord-tokens reads-env-vars base64-decode child-process-spawn reads-homedir reads-npmrc reads-wallet-files +2
weekly
—
/wk
h-score
89
patterns
10
size
2.7 MB
versions
4
AUTO-PUBLISHED/npm/2026-06-05

harper · 2 versions · 5.0.26→5.0.28

by harperdb_team +campaign · 2 pkgs

Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.

steals → AWS keys, Chromium logins → sends to https://json-schema.org/draft-06/schema
public-github-push archive-then-upload reads-homedir reads-aws-creds reads-env-vars child-process-spawn reads-system-info reads-chromium-creds +3

→ Credential read (reads-aws-creds) paired with http-to-public-ip destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
40
patterns
11
size
40.0 MB
versions
35
AUTO-PUBLISHED/npm/2026-06-05

@harperfast/harper · 2 versions · 5.0.26→5.0.28

by harperdb_team +campaign · 2 pkgs

Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.

steals → AWS keys, Chromium logins → sends to https://json-schema.org/draft-06/schema
public-github-push archive-then-upload reads-homedir reads-aws-creds reads-env-vars child-process-spawn reads-system-info reads-chromium-creds +3

→ Credential read (reads-aws-creds) paired with http-to-public-ip destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
40
patterns
11
size
40.0 MB
versions
34
AUTO-PUBLISHED/npm/2026-06-05

@drax/identity-back@3.51.0

by cincarnato

Identity module for user management, authentication and authorization.

steals → Azure creds
reads-env-vars reads-azure-creds
weekly
—
/wk
h-score
64
patterns
2
size
898.3 KB
versions
178
AUTO-PUBLISHED/npm/2026-06-05

@owlmeans/did · 2 versions · 0.1.3→0.1.4

by vashigor

Hierarchical deterministic (HD) wallet and DID document management for OwlMeans identity.

steals → Seed phrase
reads-seed-phrase
weekly
—
/wk
h-score
64
patterns
1
size
73.0 KB
versions
5
AUTO-PUBLISHED/npm/2026-06-05

@delorenj/pjangler · 2 versions · 1.1.3→1.1.5

by lasertoast

Project subsystem bootstrapper CLI

steals → Slack tokens, Discord tokens, Chromium logins → sends to raw.githubusercontent.com · https://raw.githubusercontent.com/delorenj/hermes-agent-…
reads-env-vars reads-system-info curl-pipe-bash py-pip-install-runtime reads-chromium-creds reads-slack-tokens reads-discord-tokens reads-homedir +2

→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
60
patterns
10
size
4.1 MB
versions
3
AUTO-PUBLISHED/npm/2026-06-05

@adminforth/dashboard@1.11.2

by vanbrosh +campaign · 4 pkgs · 313/wk

Dashboard plugin for AdminForth

steals → Slack tokens → sends to https://adminforth.dev/docs/tutorial/Plugins/dashboard/
reads-slack-tokens
weekly
—
/wk
h-score
64
patterns
1
size
1.4 MB
versions
16
AUTO-PUBLISHED/npm/2026-06-05

@adminforth/agent@1.49.3

by vanbrosh +campaign · 4 pkgs · 313/wk

AI agent plugin for AdminForth with tool-based workflows and persistent chat sessions

steals → Slack tokens, Chromium logins
reads-chromium-creds base64-decode reads-slack-tokens
weekly
—
/wk
h-score
64
patterns
3
size
3.5 MB
versions
157
AUTO-PUBLISHED/npm/2026-06-05

pinclaw-cc-bridge@0.1.0

by shangyiyong

Pinclaw Claude Code bridge — discovers local Claude Code sessions and syncs their state to Pinclaw cloud (read-only v1).

→ sends to https://pinclaw.ai/install-cc
curl-pipe-bash

→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
40
patterns
1
size
34.5 KB
versions
1
AUTO-PUBLISHED/kitchen-sink · 8/npm/2026-06-05

@yuechou/pi-ai · 4 versions · 15.8.3-patched.1→15.8.3-patched.6

by yuechou +campaign · 2 pkgs

Unified LLM API with automatic model discovery and provider configuration

steals → AWS keys, GCP creds, GitHub PAT, GitLab PAT, AI API keys → sends to https://omp.sh
public-github-push reads-env-vars child-process-spawn reads-aws-creds reads-gcp-creds reads-github-tokens reads-gitlab-tokens reads-ai-api-keys +4
weekly
—
/wk
h-score
64
patterns
12
size
4.4 MB
versions
6
AUTO-PUBLISHED/npm/2026-06-05

@yuechou/pi-coding-agent · 4 versions · 15.8.3-patched.1→15.8.3-patched.6

by yuechou +campaign · 2 pkgs

Coding agent CLI with read, bash, edit, write tools and session management

steals → GitHub PAT, AI API keys, Chromium logins → sends to https://omp.sh
public-github-push reads-env-vars reads-homedir reads-ai-api-keys reads-system-info reads-chromium-creds reads-github-tokens base64-decode +4
weekly
—
/wk
h-score
64
patterns
12
size
10.3 MB
versions
6
AUTO-PUBLISHED/npm/2026-06-05

totem-llm · 2 versions · 0.3.1→0.3.2

by fred_terzi

Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.

steals → npm token, AI API keys, Telegram → sends to https://github.com/fred-terzi/totem-llm.git
public-github-push reads-env-vars reads-homedir reads-telegram-data child-process-spawn reads-npmrc reads-ai-api-keys reads-system-info +3

→ Credential read (reads-npmrc, reads-ai-api-keys) paired with dest-via-hostname-var destination — classic exfiltration signature.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
85
patterns
11
size
27.4 MB
versions
12
AUTO-PUBLISHED/npm/2026-06-05

ai-engineering-harness · 2 versions · 0.11.0→1.0.1

by davidtruong170621

Engineering discipline and workflow guardrails for AI coding agents (Claude, Cursor, Codex, Gemini).

steals → MCP config → sends to raw.githubusercontent.com · https://raw.githubusercontent.com/truongnat/ai-engineeri…
reads-mcp-config curl-pipe-bash claude-agent-config-injection archive-then-upload child-process-spawn

→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
38
patterns
5
size
1.3 MB
versions
7
AUTO-PUBLISHED/npm/2026-06-05

@ngocsangairvds/vsaf@4.2.9

by ngocsangairvds

logging step

steals → AI API keys
reads-env-vars child-process-spawn reads-ai-api-keys py-urllib-request py-sys-platform-branch py-pip-install-runtime curl-pipe-bash webhook-bin +2

→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

weekly
—
/wk
llm verdict
malicious 0.95
h-score
55
patterns
10
size
10.3 MB
versions
115
AUTO-PUBLISHED/npm/2026-06-05

@ethlete/cli@2.0.1

by ethlete-user +campaign · 3 pkgs
eval-dynamic child-process-spawn
weekly
—
/wk
h-score
99
patterns
2
size
4.4 MB
versions
8
AUTO-PUBLISHED/npm/2026-06-05

@ethlete/theming@2.7.1

by ethlete-user +campaign · 3 pkgs
eval-dynamic
weekly
—
/wk
h-score
99
patterns
1
size
4.5 MB
versions
24
AUTO-PUBLISHED/npm/2026-06-05

@ethlete/dsp@0.3.1

by ethlete-user +campaign · 3 pkgs
eval-dynamic
weekly
—
/wk
h-score
99
patterns
1
size
4.4 MB
versions
7
AUTO-PUBLISHED/npm/2026-05-12/MAL-2026-3651

ms-graph-types@2.43.2

by micresoft +campaign · 2 pkgs

Types for Microsoft Graph objects

→ sends to https://github.com/microsoftgraph/msgraph-typescript-typings
clipboard-access public-github-push session-start-hook
weekly
—
/wk
h-score
75
patterns
3
size
7.0 MB
versions
2
AUTO-PUBLISHED/npm/2026-05-12/MAL-2026-3650

microsoft-applicationinsights-common@3.4.2

by micresoft +campaign · 2 pkgs

Microsoft Application Insights Common JavaScript Library

steals → Chromium logins → sends to https://github.com/microsoft/ApplicationInsights-JS#readme
reads-chromium-creds reads-env-vars child-process-spawn session-start-hook
weekly
—
/wk
h-score
75
patterns
4
size
12.0 MB
versions
2
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4542

crypto-javascript@4.3.6

by evanseberg

JavaScript library of crypto standards.

→ sends to http://github.com/brix/crypto-js
public-github-push
weekly
—
/wk
h-score
75
patterns
1
size
1.4 MB
versions
14
AUTO-PUBLISHED/npm/2026-06-05

free-email-domains · 3 versions · 1.9.22→1.9.26

by kikobeats

A comprehensive list of all free email domain providers

steals → Chromium logins → sends to https://github.com/Kikobeats/free-email-domains
reads-chromium-creds webhook-bin archive-then-upload clipboard-access public-github-push install-path-npm-publish
weekly
—
/wk
h-score
59
patterns
6
size
202.6 KB
versions
106
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4739

zkjson@0.8.6

by asteroiddao +campaign · 37 pkgs · 819/wk

Zero Knowledge Provable JSON

hex-decode
weekly
—
/wk
h-score
75
patterns
1
size
3.0 MB
versions
65
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4727

weavedb-warp-contracts-plugin-deploy · 2 versions · 1.0.10→1.0.11

by asteroiddao +campaign · 37 pkgs · 819/wk

A deploy plugin for warp contracts

base64-decode child-process-spawn

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
patterns
2
size
3.1 MB
versions
2
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4726

weavedb-tools · 2 versions · 0.45.2→0.45.3

by asteroiddao +campaign · 37 pkgs · 819/wk
child-process-spawn

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
patterns
1
size
1.0 MB
versions
22
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4723

weavedb-sdk · 2 versions · 0.45.3→0.45.4

by asteroiddao +campaign · 37 pkgs · 819/wk

A decentralized NoSQL database powered by Arweave.

→ sends to https://weavedb.dev
weekly
—
/wk
h-score
75
size
37.5 KB
versions
286
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4725

weavedb-sdk-node · 2 versions · 0.45.2→0.45.3

by asteroiddao +campaign · 37 pkgs · 819/wk

A decentralized NoSQL database powered by Arweave.

→ sends to https://weavedb.dev

→ No suspicious destination, no remote-exec shape — 3 known-vendor host(s), 1 other host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
size
976.6 KB
versions
234
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4724

weavedb-sdk-base · 2 versions · 0.21.0→0.21.1

by asteroiddao +campaign · 37 pkgs · 819/wk

A decentralized NoSQL database powered by Arweave.

→ sends to https://weavedb.dev

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
size
986.7 KB
versions
2
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4722

weavedb-offchain@0.45.5

by asteroiddao +campaign · 37 pkgs · 819/wk
weekly
—
/wk
h-score
75
size
7.1 KB
versions
113
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4721

weavedb-node-client · 2 versions · 0.45.3→0.45.4

by asteroiddao +campaign · 37 pkgs · 819/wk
weekly
—
/wk
h-score
75
size
5.6 KB
versions
91
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4720

weavedb-lite · 2 versions · 0.1.0→0.1.1

by asteroiddao +campaign · 37 pkgs · 819/wk
long-base64-literal base64-decode

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
patterns
2
size
3.0 MB
versions
2
AUTO-PUBLISHED/npm/2022-11-24/MAL-2026-4718

weavedb-exm-sdk@0.7.3

by asteroiddao +campaign · 37 pkgs · 819/wk

WeaveDB on Execution Machine.

→ sends to https://weavedb.dev
weekly
—
/wk
h-score
75
size
2.0 KB
versions
11
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-5192

weavedb-contracts@0.45.3

by asteroiddao +campaign · 37 pkgs · 819/wk
→ sends to https://github.com/iden3/wasmcurves.git
child-process-spawn hex-decode public-github-push reads-homedir
weekly
—
/wk
h-score
75
patterns
4
size
3.0 MB
versions
90
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4717

weavedb-console · 2 versions · 0.2.0→0.2.1

by asteroiddao +campaign · 37 pkgs · 819/wk
steals → GCP creds → sends to http://localhost:8000/?canisterId=rwlgt-iiaaa-aaaaa-aaaaa-cai
eval-dynamic reads-gcp-creds

→ No suspicious destination, no remote-exec shape — 1 other host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
patterns
2
size
1.7 MB
versions
2
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4716

weavedb-client · 2 versions · 0.45.3→0.45.4

by asteroiddao +campaign · 37 pkgs · 819/wk
weekly
—
/wk
h-score
75
size
18.4 KB
versions
114
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4715

weavedb-base@0.45.4

by asteroiddao +campaign · 37 pkgs · 819/wk

A decentralized NoSQL database powered by Arweave.

function-constructor base64-decode
weekly
—
/wk
h-score
75
patterns
2
size
65.9 KB
versions
114
AUTO-PUBLISHED/npm/2025-10-28/MAL-2026-4714

wdb-sdk@0.1.1

by asteroiddao +campaign · 37 pkgs · 819/wk
→ sends to http://localhost:6364
child-process-spawn
weekly
—
/wk
h-score
75
patterns
1
size
94.7 KB
versions
30
AUTO-PUBLISHED/npm/2025-10-27/MAL-2026-5191

wdb-core@0.1.1

by asteroiddao +campaign · 37 pkgs · 819/wk
base64-decode child-process-spawn reads-homedir
weekly
—
/wk
h-score
75
patterns
3
size
610.0 KB
versions
22
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4713

wdb-cli · 2 versions · 0.1.0→0.1.1

by asteroiddao +campaign · 37 pkgs · 819/wk
→ sends to http://localhost:10001
child-process-spawn

→ No suspicious destination, no remote-exec shape — 2 other host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
patterns
1
size
1.1 MB
versions
21
AUTO-PUBLISHED/npm/2023-10-13/MAL-2026-4712

warp-contracts-plugin-deploy-test@3.0.0

by asteroiddao +campaign · 37 pkgs · 819/wk

A deploy plugin for warp contracts

base64-decode child-process-spawn
weekly
—
/wk
h-score
75
patterns
2
size
2.1 MB
versions
19
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4711

wao@0.41.5

by asteroiddao +campaign · 37 pkgs · 819/wk

![](./docs/docs/public/images/cover.png)

oversize-tarball-skipped
weekly
—
/wk
h-score
75
patterns
1
size
73.3 MB
versions
211
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4691

testnpmnmp · 2 versions · 1.0.20→1.0.21

by asteroiddao +campaign · 37 pkgs · 819/wk

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
size
24.0 MB
versions
22
AUTO-PUBLISHED/npm/2022-07-27/MAL-2026-4690

test-weavedb-sdk@1.1.0

by asteroiddao +campaign · 37 pkgs · 819/wk
weekly
—
/wk
h-score
75
size
33.7 KB
versions
1
AUTO-PUBLISHED/npm/2026-05-26/MAL-2026-4689

test-ajs · 2 versions · 0.1.18→0.1.19

by asteroiddao +campaign · 37 pkgs · 819/wk

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly
—
/wk
llm verdict
benign 0.85
h-score
89
size
969.0 KB
versions
18
AUTO-PUBLISHED/npm/2022-09-06/MAL-2026-4663

roidjs@0.1.6

by asteroiddao +campaign · 37 pkgs · 819/wk

![](./assets/cover.png)

weekly
—
/wk
h-score
75
size
21.4 KB
versions
7
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4613

monade@0.0.8

by asteroiddao +campaign · 37 pkgs · 819/wk
child-process-spawn
weekly
—
/wk
h-score
75
patterns
1
size
25.4 KB
versions
8
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-5190

hbsig@0.3.3

by asteroiddao +campaign · 37 pkgs · 819/wk

[Documentation](../docs/docs/pages/api/hbsig.mdx)

base64-decode child-process-spawn
weekly
—
/wk
h-score
75
patterns
2
size
971.6 KB
versions
25
AUTO-PUBLISHED/npm/2026-05-27/MAL-2026-4546

cwao-units@0.8.4

by asteroiddao +campaign · 37 pkgs · 819/wk

`cwao-units` runs [AO compatible units](https://ao.arweave.dev/#/spec) for CosmWasm.

→ sends to http://localhost:1984/graphql
eval-dynamic base64-decode
weekly
—
/wk
h-score
75
patterns
2
size
47.3 KB
versions
46
AUTO-PUBLISHED/npm/2024-04-07/MAL-2026-4545

cwao-tools@0.3.0

by asteroiddao +campaign · 37 pkgs · 819/wk

`cwao-tools` makes CosmWasm contract development & testing too easy.

child-process-spawn
weekly
—
/wk
h-score
75
patterns
1
size
239.7 KB
versions
11