@tailwind-core/oxide-linux-x64-gnu @4.3.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-4448
Ecosystem: npm
Summary
The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package '@tailwindcss/oxide-linux-x64-gnu' published under the tailwindlabs scope. Version 4.3.0 mirrors Tailwind's release line, increasing the chance of accidental adoption via typo or dependency confusion. The repository URL in package.json points to 'github.com/QaLemos/tailwind-core.git', a personal account with no relationship to the tailwindlabs publisher. The package ships a single 2.9 MB native binary, 'tailwind-core-oxide.linux-x64-gnu.node', declared as main; on require(), Node loads the native module via napi_register_module_v1 and executes attacker-controlled code. No source is shipped, so the binary's behavior cannot be inspected. The combination of an exact scope rename of a top-tier package, version-line mirroring, publisher mismatch, and an opaque native payload that executes on require is the typosquat-with-payload shape: name confusion supplies the distribution, and the unverifiable native binary supplies the import-time execution surface.
Source: amazon-inspector (a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00)
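
The signals listed in the summary can be checked statically from a package manifest before anything is installed. The following is an added example, not part of the OSV record or of any project's code; the TRUSTED allowlist, the function names and the sample manifest are assumptions built from the fields quoted in the summary.

```javascript
// Added example: static manifest triage for the signals named in the summary.
// TRUSTED is a constructed allowlist; build your own from packages you depend on.
const TRUSTED = {
  '@tailwindcss/oxide-linux-x64-gnu': { repoOwner: 'tailwindlabs', major: 4 },
};

function splitName(name) {
  const m = /^@([^/]+)\/(.+)$/.exec(name);
  return m ? { scope: m[1], base: m[2] } : { scope: null, base: name };
}

// Accepts the string or { url } forms of package.json "repository".
function repoOwner(repository) {
  const url = typeof repository === 'string' ? repository : (repository && repository.url) || '';
  const m = /github\.com[/:]([^/]+)\//i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

function auditManifest(pkg, trusted = TRUSTED) {
  const signals = [];
  // npm names are unique, so an exact allowlisted name is the real entry.
  if (trusted[pkg.name]) return signals;
  const { scope, base } = splitName(pkg.name);
  for (const [legitName, meta] of Object.entries(trusted)) {
    const legit = splitName(legitName);
    if (legit.base !== base || legit.scope === scope) continue;
    signals.push(`scope-lookalike of ${legitName}`);
    if (repoOwner(pkg.repository) !== meta.repoOwner.toLowerCase())
      signals.push('publisher-mismatch');
    if (parseInt(pkg.version, 10) === meta.major)
      signals.push('version-line-mirroring');
  }
  // A native main is normal for real packages; flag it only beside a lookalike name.
  if (signals.length && /\.node$/.test(pkg.main || ''))
    signals.push('native-main-executes-on-require');
  return signals;
}

// Constructed manifest using the fields quoted in the report.
const reported = {
  name: '@tailwind-core/oxide-linux-x64-gnu',
  version: '4.3.0',
  main: 'tailwind-core-oxide.linux-x64-gnu.node',
  repository: { url: 'github.com/QaLemos/tailwind-core.git' },
};
console.log(auditManifest(reported));
```

Run it over each entry's manifest as resolved from the lock file; any non-empty result is a reason to block the install and review the package by hand.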