SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalnpm·malware·osv

Malicious code in rookie-security-test-pkg (npm)

rookie-security-test-pkg

Published Jun 1, 2026, 08:30 PM

Risk score

92

AI summary

Indexed incident for rookie-security-test-pkg (npm).

Description

The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Technical details

Indicators

affected version<function fixed() { [native code] }75%

Timeline

Jun 1, 08:30 PMAdvisory published
Jun 2, 06:41 AMIndexed by ThreatPkg

Related incidents