New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
CRITICAL npm Malware

Malicious code in wsh4-nmp (npm)

MAL-2026-6792

Published · Modified

Description


__

Source: ossf-package-analysis (e7eb1e1d0cace271eb14fb5f939e271fbe915ec9edd4413c85367c79296532ee)

The OpenSSF Package Analysis project identified 'wsh4-nmp' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

Ready to move

Start Securing

Free, no credit card | First findings in minutes