@bonsai-ai/claude-code

MAL-2026-4370

npmtyposquat5/19/2026
Description

Malicious code in @bonsai-ai/claude-code (npm)

Indicators of Compromise
SHA256 Hashes (4)
365480cb6843112d60aab619260ad727b156905aa3b30704b30702ab7e52fe49
45e11d6524e8ecda8e2a909ab1934c93332adf5c121a5b9458da5baa2d601a60
ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9
dc394b5fb662f6be1c98d310e76341a6877c334fdd8c007a58c7cf75227e8761
Details
Ecosystemnpm
Attack Typetyposquat
Published5/19/2026
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001