CRITICAL npm Malware
Malicious code in @_wnpm/wnpm-cli (npm)
MAL-2026-2420
Published ยท Modified
Description
__
Source: amazon-inspector (9729c3c0a6c625f2d6cc79833205a4331647989fa84d85bdd158924af91020fd)
The package @_wnpm/wnpm-cli was found to contain malicious code.
Source: ossf-package-analysis (645ee324a93e8ebd1dbd9003186b577d1b6f76f0263f730950d26741cbc8e74c)
The OpenSSF Package Analysis project identified '@_wnpm/wnpm-cli' @ 1.0.0 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
Ready to move
Start Securing
Free, no credit card | First findings in minutes