@jacobtan/decode-sdk

MAL-2026-6738

npmmalware7/3/2026
Description

Malicious code in @jacobtan/decode-sdk (npm)

Indicators of Compromise
SHA256 Hashes (1)
a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924
Details
Ecosystemnpm
Attack Typemalware
Published7/3/2026
Aliases
GHSA-3mg6-vg6x-m62v
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001