npm
Malicious rio-design-tokens @99.99.100
Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 5:20 AM UTC
OSV ID
MAL-2026-6956
Ecosystem
npm
Summary
The OpenSSF Package Analysis project identified 'rio-design-tokens' @ 99.99.100 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.
Source: ossf-package-analysis (e83e18c7c88cb4c0e488342a49e4d0733087fa7e7ea7e833f1fbb6e8fbf5a35e)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.