chai-sub

MAL-2026-588

npmmalware1/28/2026
Description

Malicious code in chai-sub (npm)

Indicators of Compromise
SHA256 Hashes (3)
94d4e0fa1548915ba6f77782a735206056554990f47f65aadc5781a23474b855
9a9fb8daf2c61a42d820b2e0f8a846b9f2c95ed6a1cdc4c19a7d80f3398b4a21
f3e2d4f78210208a2383250b52f911088883d5c49bff5c897e33c2b1fbe784d8
References (1)
https://github.com/advisories/GHSA-jqjg-xrc8-j5wpOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/28/2026
Affected Versions
0
Aliases
GHSA-jqjg-xrc8-j5wp
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001