sign-client

MAL-2026-429

npmmalware1/21/2026

Description

Malicious code in sign-client (npm)

Indicators of Compromise

SHA256 Hashes (2)

d46bf80205dc64dc9e6d65d1208f0b6e1a978d8dfdd555fbb2c9eb31805df69c

e300b5f52fc165080a7c0a9eee170ee453c31a0419dc65e004a64b0749b699cf

References (1)

Details

Ecosystemnpm

Attack Typemalware

Published1/21/2026

Affected Versions

Aliases

GHSA-h5ch-v4cm-8vfg

Quick Actions

Ready for Agentic Automated Testing?