chai-async-promised

MAL-2026-719

npmmalware2/4/2026
Description

Malicious code in chai-async-promised (npm)

Indicators of Compromise
SHA256 Hashes (3)
949d65449dde41f4b6d633601071217d97b2964dd9b53ea2fbaf7948accbb5e3
3b03e745920fbf2f3b25c5f9bcd2cd6814de348ff5ae3a0c5d8832f2494b2770
3f4ab075e6420b394412cdd2398e860173e3a964f82931f1df27dc0a8d28b203
References (1)
https://github.com/advisories/GHSA-37qg-vpf9-mc8hOSV
Details
Ecosystemnpm
Attack Typemalware
Published2/4/2026
Affected Versions
0
Aliases
GHSA-37qg-vpf9-mc8h
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001