byte-parser

MAL-2026-3846

npmmalware5/19/2026
Description

Malicious code in byte-parser (npm)

Indicators of Compromise
SHA256 Hashes (2)
ffab22689007686aed902c7d7c1b63b3f17f53a1f54fe99866337e2c99d68ea6
847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df
References (5)
https://github.com/advisories/GHSA-wfmp-rqvg-5fjrOSVhttps://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/OSVhttps://socket.dev/blog/antv-packages-compromisedOSVhttps://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/OSVhttps://opensourcemalware.com/blog/teampcp-compromises-npm-maintainer-with-over-540-packagesOSV
Details
Ecosystemnpm
Attack Typemalware
Published5/19/2026
Aliases
GHSA-wfmp-rqvg-5fjr
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001