@uniconvex/dotenv

MAL-2026-829

npmmalware2/10/2026
Description

Malicious code in @uniconvex/dotenv (npm)

Indicators of Compromise
SHA256 Hashes (2)
c25cec372f2ffdfc9d89128d3fa523193d51c1644a4377c4e077805574af0fcb
a9923bfe725516dd977cac2af8acddb303e705ef37278ce10e2b84027511df62
References (1)
https://github.com/advisories/GHSA-5hc6-4g5j-c3q2OSV
Details
Ecosystemnpm
Attack Typemalware
Published2/10/2026
Affected Versions
0
Aliases
GHSA-5hc6-4g5j-c3q2
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001