@su-doughnym/metrics-js

MAL-2026-6409

npmmalware6/25/2026
Description

Malicious code in @su-doughnym/metrics-js (npm)

Indicators of Compromise
SHA256 Hashes (1)
c1b02acc9d8d069bfdf5db415cb18c33e05ffdcd577532cfc3dbd112e4d9a6f6
Details
Ecosystemnpm
Attack Typemalware
Published6/25/2026
Aliases
GHSA-wj6x-p526-mv2w
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001