npm
Malicious poc-publish-test-su-doughnym @0.0.1
Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 8:23 PM UTC
OSV ID
MAL-2026-6413
Ecosystem
npm
Summary
Package contains no observed installer-side harmful behavior. No exfiltration, no install-time fetch-and-execute, no silent-relay, no credential collection, and no known-bad infrastructure references were found. The package name suggests a publish/proof-of-concept test artifact with minimal content.
Source: amazon-inspector (3e75d35af77b8871936717cc37537673789177cdd056f7f4d2c21c32b2be5f65)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.