→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
52
patterns
34
size
35.0 MB
versions
292
AUTO-PUBLISHED/npm/
ethsmith@1.0.0
by webpalms
Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
55
patterns
16
size
13.6 MB
versions
6
AUTO-PUBLISHED/npm/
@jacob-ebey/almostnode@0.4.0
by jacob-ebey
Node.js in your browser. Just like that.
steals →AI API keysChromium logins→ sends tohttps://github.com/macaly/almostnode.git
The Aztec CLI `aztec-cli` is a command-line interface (CLI) tool for interacting with Aztec. It provides various commands for deploying contracts, creating accounts, interacting with contracts, and retrieving blockchain data.
Aztec is a package that allows for a simple development environment on Aztec stack. It creates a Private eXecution Environment (PXE) that listens for HTTP requests on `localhost:8080` by default. When started, it deploys all necessary L1 Aztec contracts a
The `@trackunit/iris-app` package is a plugin for [NX by @nrwl](https://nx.dev/). This plugin adds some helpful generators used to set up a Trackunit Iris App project.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
64
patterns
5
size
435.5 KB
versions
1076
AUTO-PUBLISHED/npm/
nodmix4 versions·2026.5.30→2026.5.35
by nodmix
Nodmix, the Supreme CEO Founder AI Agent. A large language model created and developed by Mehdi Faraj.
Personal AI assistant powered by Antigravity, AI-E, Claude, Claude E, Codex, Codex App, Cursor, Gemini, Grok, OpenCode, and Copilot — Web, Terminal, Telegram, and Discord interfaces with 107 built-in skills
steals →AI API keys1PasswordTelegram→ sends tohttps://github.com/lidge-jun/cli-jaw.git