npm

progerss-cli @3.12.0

Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 1:25 AM UTC

Malicious

OSV ID

MAL-2026-5343

Ecosystem

npm

Summary

Package name 'progerss-cli' resembles the common spelling 'progress-cli' via a two-character transposition, which is a typical typosquat shape. No exfiltration, dropper, credential access, or other installer-harm behavior was observed in the scanned files, and no lifecycle scripts were identified. Without a confirmed payload, name similarity alone is not sufficient to block, but the naming pattern warrants human review to assess intent and impact on installers who mistype a target package name.

Source: amazon-inspector (ea4c1c3b9761cfe244327e4937c18585ef6fc901df383b24c3f0e148c195e8f7)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.