@brokenzzz/garfish

MAL-2026-329

npmmalware1/19/2026
Description

Malicious code in @brokenzzz/garfish (npm)

Indicators of Compromise
SHA256 Hashes (3)
da2632ea4eb30c060caf4578f2014ac9c8b3bbc1d5f433d6cbe55778e2af666e
d357b148f23b1917c8d9b30afb0a067acdcdf988ca7b7f8a382726ba3e31b439
17aa548686f82e84d4dcca19f88d20e2989a3e83c8f29fac4afb0ed579784cf1
References (1)
https://github.com/advisories/GHSA-vxcp-cr2c-vq4rOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/19/2026
Affected Versions
0
Aliases
GHSA-vxcp-cr2c-vq4r
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001