Ecosystem	Package	Version

Vulnerabilities

sonatype-2026-000605

sonatype-2026-000605

Malicious Packages - Thu Feb 26 2026 [Dropper]

Published Feb 26, 2026

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1057.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1103.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1104.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1107.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1111.json

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	argonist	0.41.0
npm	bcryptance	6.5.2
npm	bee-quarl	0.0.1-security
npm	bee-quarl	2.1.2
npm	bubble-core	0.0.1-security
npm	bubble-core	6.26.2
npm	corstoken	2.14.7
npm	daytonjs	1.11.20
npm	ether-lint	5.9.4
npm	expressjs-lint	5.3.2
npm	fastify-lint	5.8.0
npm	formmiderable	0.0.1-security
npm	formmiderable	3.5.7
npm	hapi-lint	19.1.2
npm	iosysredis	5.13.2
npm	jslint-config	10.22.2
npm	jsnwebapptoken	8.40.2
npm	kafkajs-lint	2.21.3
npm	loadash-lint	4.17.24
npm	mqttoken	0.0.1-security
npm	mqttoken	5.40.2
npm	prism-lint	7.4.2
npm	promanage	6.0.21
npm	sequelization	6.40.2
npm	typoriem	0.4.17
npm	undicy-lint	7.23.1
npm	uuindex	13.1.0
npm	vitetest-lint	4.1.21
npm	windowston	0.0.1-security
npm	windowston	3.19.2
npm	zoddle	4.4.2

sonatype-2026-000605 | Components Impacted | Sonatype Guide | Sonatype Guide