npm

json-lucide @1.0.8

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-2200

Ecosystem

npm

Summary

The package json-lucide was found to contain malicious code.

Source: amazon-inspector (12d05056fbe7eca08a66d7297aac2b03763073361f0cb33c238a4463f64a0867)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.