wot-api

MAL-2026-3591

npmmalware5/12/2026

Description

Malicious code in wot-api (npm)

Indicators of Compromise

SHA256 Hashes (2)

bd781e61a7ca728623c44a900ca22a8cc58de2b93bcd797aeebe453ee6fa4f80

5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5

Domains (4)

git-tanstack.comfilev2.getsession.orgapi.masscan.cloudseed1.getsession.org

References (6)

https://github.com/advisories/GHSA-x868-v497-jfjjOSV https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromisedOSV https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystemOSV https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attackOSV https://tanstack.com/blog/npm-supply-chain-compromise-postmortemOSV https://snyk.io/blog/tanstack-npm-packages-compromised/OSV

Details

Ecosystemnpm

Attack Typemalware

Published5/12/2026

Aliases

GHSA-x868-v497-jfjj

Quick Actions

All Incidents npm Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001