npm

rio-design-tokens @99.99.100

Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 5:20 AM UTC

Malicious

OSV ID

MAL-2026-6956

Ecosystem

npm

Summary

The OpenSSF Package Analysis project identified 'rio-design-tokens' @ 99.99.100 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.

Source: ossf-package-analysis (e83e18c7c88cb4c0e488342a49e4d0733087fa7e7ea7e833f1fbb6e8fbf5a35e)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.