npm

@marketfront/captchaservice @7.0.0

Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC

Malicious

OSV ID

MAL-2026-6769

Ecosystem

npm

Summary

Package @marketfront/captchaservice@7.0.0 could not be fully characterized from automated evidence. No a static rule findings are recorded, and while automated code tracing engaged and read files from the package, its output was withheld by the provider's malware-content safety filter — a signal that the traced content resembled operational malware but which does not, on its own, identify a specific installer-harm mechanism (exfil endpoint, credential path, dropper URL, backdoor). Without a named data source, named destination, or named install/import-time execution path, the record does not meet the bar for a public block verdict. The scope ( @marketfront ) and package name ( captchaservice ) do not correspond to a known-legitimate widely-used package family, and the safety-filter trigger warrants a human look at the tarball contents before this version is trusted in a build pipeline.

Source: amazon-inspector (8cd0b252facfe0d6e08c857f30067c00ba09b8423773b1181d6ce78ebba8b749)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.