dotenv-expanded

MAL-2026-415

npmmalware1/21/2026
Description

Malicious code in dotenv-expanded (npm)

Indicators of Compromise
SHA256 Hashes (3)
8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d2
e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf
15375af632a499e3c08b9c1710fcd73c19e34795c616b5f283925e86442ee633
References (1)
https://github.com/advisories/GHSA-94jw-vmxc-vv4vOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/21/2026
Affected Versions
0
Aliases
GHSA-94jw-vmxc-vv4v
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001