npm
Malicious nf-promise-state-machine @99.0.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2026-2376
Ecosystem
npm
Summary
The package nf-promise-state-machine was found to contain malicious code.
Source: amazon-inspector (dc012f9411ceaa957f4b364f6b1443d3244155de13f5fc0ccb759ad682bd0ae7)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.