npm
Malicious nodemon-async @3.1.13
Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 9:46 AM UTC
OSV ID
MAL-2026-10454
Ecosystem
npm
Summary
The package was found to contain malicious code or consuming dependency that contains malicious code
Source: amazon-inspector (adb05cacc2c6d1059d9ee1d433398f8e39314ce83aed1429582e5fbb47e8f13a)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.