npm

poc-publish-test-su-doughnym @0.0.1

Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 8:23 PM UTC

Malicious

OSV ID

MAL-2026-6413

Ecosystem

npm

Summary

Package contains no observed installer-side harmful behavior. No exfiltration, no install-time fetch-and-execute, no silent-relay, no credential collection, and no known-bad infrastructure references were found. The package name suggests a publish/proof-of-concept test artifact with minimal content.

Source: amazon-inspector (3e75d35af77b8871936717cc37537673789177cdd056f7f4d2c21c32b2be5f65)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.