mcp-server-todo
MAL-2026-2328
npmmalware4/1/2026
Description
Malicious code in mcp-server-todo (npm)
Indicators of Compromise
SHA256 Hashes (2)
d2e2326574c0d2811c6c20ff1523ad04fc4bdb6f062080751acdca4a592c68b0
5f426e9e8a841f37f765614c031a1b4f56bb7ee1c8d5ed51b2aeb27a261edce9
References (1)
Details
Ecosystemnpm
Attack Typemalware
Published4/1/2026
Affected Versions
0
Aliases
GHSA-hppm-xxp9-54h7
Quick Actions