MAL-2026-10117: Malicious code in nodemon-slint (npm)
The nodemon-slint package on npm contains malicious code that fully compromises any computer on which it is installed or running. The compromise may allow an attacker full control over the affected…
Read the full articleYou might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users o

Malicious node-ipc versions published to npm in suspected maintainer account compromise
On May 14, 2026, multiple malicious versions of the popular npm package node-ipc were published to the npm registry. Current public reportin
Yet another malicious package found in npm, targeting cryptocurrency wallets
Cryptocurrency wallet developer Komodo has been in the news recently as the most recent victim of an attempted cryptocurrency attack by mali
DuckDB npm packages 1.3.3 and 1.29.2 compromised with cryptocurrency-targeting malware
The DuckDB distribution for [Node.js]( on [npm]( was compromised with malware (along with [several other packages](

Comments
Sign in to join the conversation.
No comments yet. Be the first.