yelp-react-component-badge

MAL-2026-2010

npmmalware3/21/2026
Description

Malicious code in yelp-react-component-badge (npm)

Indicators of Compromise
SHA256 Hashes (3)
8b6dade7daa9669ae0230e60fbdcca448ec07c3e0386b27e324be83e525cadca
abec06c903f4139ed298b19b96521401231e6bd0cc306e5e7015d971d5a4260a
9e4f00f80ae6e79d16c4c97ebba886dfd77573075409034aebf88fef21ab83a9
References (1)
https://github.com/advisories/GHSA-fr9v-hm5m-rv52OSV
Details
Ecosystemnpm
Attack Typemalware
Published3/21/2026
Affected Versions
0
Aliases
GHSA-fr9v-hm5m-rv52
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001