replicate-js

MAL-2026-427

npmmalware1/21/2026
Description

Malicious code in replicate-js (npm)

Indicators of Compromise
SHA256 Hashes (2)
658bf1d6aa22bb672e5ae9724e34b94ee7ff73e7cd4381ff4a6a8c9c2d1267fa
f84c6cb090eb31f1b2c516b45419d7833bca83f5546d22444032d28a07d27f40
References (1)
https://github.com/advisories/GHSA-qfp4-ffv5-3xrgOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/21/2026
Affected Versions
0
Aliases
GHSA-qfp4-ffv5-3xrg
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001