npm

enquriers @2.4.2

Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 1:25 AM UTC

Malicious

OSV ID

MAL-2026-5384

Ecosystem

npm

Summary

Package name 'enquriers' closely resembles the widely-used 'enquirer' package (transposed/added characters), suggesting potential name-confusion risk. No malicious payload, exfiltration, dropper, credential access, or install-time code execution was identified in the package contents. Without a concrete installer-harm mechanism, name-similarity alone is a subjective signal that warrants human review rather than automated blocking.

Source: amazon-inspector (7c7f041bb6800c0c765683543b18f204299e64265c3d9124c54f7f0169b53348)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.