Ecosystem	Package	Version

Vulnerabilities

sonatype-2026-000386

sonatype-2026-000386

Malicious Packages - Tue Feb 10 2026 [Info Stealer]

Published Feb 10, 2026

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/PyPI/MAL-2026-826.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-857.json

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


npm	charswap	7.2.7
npm	contact-button-podlet	5.8.5
npm	dev_ppe-test	1.0.0
npm	dotjsenv	1.1.7
npm	dotnetenv	1.1.7
npm	favorite-frontend	6.8.5
npm	frontpage-layout-v2	4.8.6
npm	js-coauth	7.2.7
npm	js-copack	1.1.7
npm	js-copack	1.1.8
npm	js-copack	7.2.7
npm	js-cotype	4.1.4
npm	js-multer	5.1.7
npm	js-nodecat	1.0.7
npm	js-repack	5.1.0
npm	js-unpack	1.1.7
npm	js-unpack	1.1.8
npm	js-uponcaps	7.2.7
npm	json-getin	7.2.7
npm	json-oauth	7.2.7
npm	json-prop	2.0.7
npm	json-ptype	1.1.7
npm	json-swap	7.2.7
npm	jsonauth	7.2.7
npm	jsonauthcap	7.2.7
npm	jsonauto	5.1.0
npm	jsoncap	5.1.0
npm	jsonrecap	3.1.8
npm	jsonretype	7.2.7
npm	jsonretype	7.2.8
npm	jsonretype	7.2.9
npm	jsonucap	5.1.0
npm	jsonupon	7.2.7
npm	jsonupper	5.1.0
npm	jsonwebauth	1.1.7
npm	jsswapper	7.2.7
npm	jstoauto	5.1.0
npm	jsxswap	7.2.7
npm	jwt-pack	1.1.7
npm	jwt-prop	2.0.7
npm	jwtdotenv	7.2.7
npm	jwtenv	1.1.7
npm	messaging-frontend	6.8.45
npm	ncodeauth	1.1.7
npm	ncodeauth	1.1.8
npm	nodemon-pkg	5.1.1
npm	nodemon-pkg	5.1.2
npm	osopackage	0.0.1-security
npm	osopackage	10.0.0
npm	rce-pkg-2	1.0.0

sonatype-2026-000386 | Components Impacted | Sonatype Guide | Sonatype Guide