plugin-react-swc

MAL-2026-424

npmmalware1/21/2026
Description

Malicious code in plugin-react-swc (npm)

Indicators of Compromise
SHA256 Hashes (3)
cba9afea98505469e9b9f36095ab566e5cd857b54255290d9defa67c40c62adb
197cedd065670a6a39b4401d52b2a636d5ff18f26c378b571770286a807ec467
8cdc34f6837f5000020cf619977261c8b0bdb5628a099dba55b0d3ff750c1d13
References (2)
https://github.com/advisories/GHSA-w743-w2hh-6f23OSVhttps://www.veracode.com/blog/54-new-npm-packages-found-beaconing-to-c2-server-in-ethereum-smart-contractOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/21/2026
Affected Versions
0
Aliases
GHSA-w743-w2hh-6f23
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001