@bonsai-ai/claude-code
MAL-2026-4370
npmtyposquat5/19/2026
Description
Malicious code in @bonsai-ai/claude-code (npm)
Indicators of Compromise
SHA256 Hashes (4)
365480cb6843112d60aab619260ad727b156905aa3b30704b30702ab7e52fe49
45e11d6524e8ecda8e2a909ab1934c93332adf5c121a5b9458da5baa2d601a60
ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9
dc394b5fb662f6be1c98d310e76341a6877c334fdd8c007a58c7cf75227e8761
Details
Ecosystemnpm
Attack Typetyposquat
Published5/19/2026
Quick Actions