GitHub Advisory malware sweep — 9 npm packages (tailwind/animate typosquats, db-* cluster, `vitest-agent`) taken down 2026-07-02
On 2026-07-02 GitHub's Advisory Database dropped 9 CWE-506 Embedded Malicious Code advisories against npm packages published between 2026-05-24 and 2026-07-01. Three distinct micro-clusters were retired within minutes of each other: a Tailwind/animate typosquat trio (animatecss-postcss-plugin, tailwind-animates, tailwind-typography-stylecss), a db-* / cache-* fake-utility quartet, and the standalone vitest-agent Vitest typosquat plus one scoped React Native template. npm replaced every name with a 0.0.1-security holding tarball.
- Detected by
- GitHub Advisory Database · npm Security
- Also known as
- 2026-07-02 GHSA npm sweep
- Ecosystems
- npm
- Packages tracked
- 9
What happened
Between 2026-07-02 09:47 UTC and 14:55 UTC, GitHub's Advisory Database published 9 malware advisories against npm packages. Every record uses CWE-506 (Embedded Malicious Code) with the standard "any computer that has this package installed or running should be considered fully compromised — rotate all secrets from a different computer" boilerplate. No payload write-up is included in any of the GHSA texts, so defenders should treat the install-time behaviour as unanalysed and assume worst case for anything that reached a build host.
Three take-down bursts within five hours
The 9 advisories cluster into three distinct time buckets, and each bucket read as its own report:
- 09:47 UTC —
vitest-agent(GHSA-w2r4-4x6j-3h5x). Three versions (1.0.0published 2026-06-25,1.0.5and1.0.6both 2026-07-01) taken down within 24 hours of the last push. Straight-up Vitest typosquat. - *13:16 UTC — `db-
/cache-` quartet.*db-convertor@1.0.5,db-connector-log@1.0.0+1.0.1,cache-section-helper@1.0.7,db-plog@1.0.0+1.0.1— GHSA advisoriesGHSA-p467-3jcx-48q5,GHSA-w7hw-9wmw-hj5w,GHSA-wg39-m2jm-wxhp,GHSA-j49r-84jx-vq3mpublished within a 20-second window. Package upload dates span 2026-06-10 → 2026-06-30, so the operator sat on the registry for up to 22 days before the yank. - 14:55 UTC — Tailwind / Animate.css typosquat trio.
animatecss-postcss-plugin@1.0.0+1.0.1(both 2026-06-02),tailwind-animates@1.0.1(2026-06-03),tailwind-typography-stylecss@0.8.3(2026-05-24) — GHSAGHSA-p6ch-cw7w-ff5c,GHSA-3cr6-gpr8-pjfm,GHSA-p258-w6jm-c6ffpublished within a 30-second window. All three names collide with legitimate CSS-tooling brands:tailwindcss-animate(singular),@tailwindcss/typography, andpostcss-preset-envare the correct spellings.
The fourth ID in the same window — @modhamanish/rn-mm-template@≤1.1.3 (GHSA-7v96-p295-826q) — does not fit any of the three sub-clusters. The scope is a personal namespace, and the package published 8+ visible versions across 5 months (2026-01-02 → 2026-05-15) before being flagged. The React Native "template" identity looks like a supply-chain long play rather than a same-week typosquat push.
Overlap with prior sweeps
- The 2026-06-30 GHSA sweep (see
npm-2026-06-30-ghsa-malware-sweep) yankedpostcss-property-rollup,chai-as-persisted,chai-as-assured, and 15 other CSS / typosquat brands under the same CWE-506 template. The 2026-07-02 sweep continues the same triage cadence — GitHub is retiring these in daily-to-every-other-day batches, and the total July 2026 npm-malware count is on track to exceed the June sweep. - No campaign attribution is public for any of the 9 packages. The Tailwind trio's tight 30-second GHSA window and the
db-*quartet's 20-second window suggest coordinated single-actor reports rather than a mass sweep of unrelated submissions. Whether either cluster ties back to Miasma / TeamPCP or the SafeDep-trackedoob.moika.techdep-confusion family is not established in public research as of 2026-07-03.
Registry state
Every package now resolves to a 0.0.1-security holding tarball owned by npm Security. tailwind-typography-stylecss@0.8.3 remains listed on the package page alongside the holding tarball, which is unusual — the historical version is still fetchable from the CDN as of 2026-07-03 and should be treated as live malware in any lockfile hit.
Affected packages (9)
- npm
@modhamanish/rn-mm-template1.0.11.0.21.0.31.0.41.0.51.1.01.1.11.1.21.1.3 - npm
animatecss-postcss-plugin1.0.01.0.1 - npm
cache-section-helper1.0.7 - npm
db-connector-log1.0.01.0.1 - npm
db-convertor1.0.5 - npm
db-plog1.0.01.0.1 - npm
tailwind-animates1.0.1 - npm
tailwind-typography-stylecss0.8.3 - npm
vitest-agent1.0.01.0.51.0.6
Impact
- Any host that installed any of the listed packages should be treated as fully compromised — every GHSA record uses the boilerplate "rotate all secrets from a different computer" language and no patched version exists
vitest-agent@1.0.0/1.0.5/1.0.6typosquats the widely-usedvitesttest runner (~20M weekly downloads) — a plausible slug for a "vitest-adjacent CI helper" that a developer might paste intopackage.jsonwithout a second lookanimatecss-postcss-plugin,tailwind-animates, andtailwind-typography-stylecsspiggy-back on the Tailwind CSS and Animate.css ecosystems — three parallel typosquats retired in the same 30-second window on 2026-07-02 (14:55 UTC) suggest one operator hedging autocomplete drift across three CSS-tooling naming spaces- The
db-*quartet (db-convertor,db-connector-log,db-plog,cache-section-helper) shipped on 2026-06-10 → 2026-06-30 and were all retired in a single 20-second GHSA burst on 2026-07-02 (13:16 UTC) — the near-simultaneous take-down indicates GitHub triaged them as one report even though the names read as unrelated database / caching helpers @modhamanish/rn-mm-templateshipped 8+ visible versions between 2026-01-02 and 2026-05-15 under a scoped React Native "template" identity before its 2026-07-02 take-down — a long-lived brand rather than a one-off push, which raises the odds that boilerplate-scanner CI ingested the malware at some point in that 5-month window
What to do
- 1Remove every reference to any package in the packages map below from
package.json, lockfiles, CI image layers, and committednode_modules - 2If your build ever resolved
vitest-agent: this is not a legitimate Vitest utility — the official test runner isvitest, and thevitest-agentslug is now the malware slot. Rotate every credential the build runner could reach from a separate clean device - 3CSS tooling: the legitimate Tailwind slugs are
tailwindcss,@tailwindcss/*, andtailwindcss-animate(note the trailing singular-animate, not-animates). The legitimate PostCSS + Animate.css bridge isanimate.csspublished under scope-freeanimate.css— neveranimatecss-postcss-plugin - 4React Native developers who pinned
@modhamanish/rn-mm-templateat any point in 2026-01 → 2026-05 should treat the build host as compromised, roll new Google Play / App Store signing keys from a separate clean device, and hunt for exfil to any host contacted during apod install/metro startin that window - 5Verify none of the listed packages still resolves via your private mirror — internal Artifactory / Nexus / Verdaccio instances routinely cache tarballs and will continue to serve the malicious version after the public yank
- 6Add the
vitest-agent,tailwind-animates,animatecss-postcss-plugin, anddb-*prefixes to a package-name allowlist review gate — the naming space around Vitest, Tailwind, and genericdb-*helpers is being farmed for typosquats
References
- GitHubGitHub Advisory Database — recent npm malware advisoriesgithub.com
- GitHubGHSA-p6ch-cw7w-ff5c — animatecss-postcss-plugin malware advisorygithub.com
- GitHubGHSA-3cr6-gpr8-pjfm — tailwind-animates malware advisorygithub.com
- GitHubGHSA-p258-w6jm-c6ff — tailwind-typography-stylecss malware advisorygithub.com
- GitHubGHSA-p467-3jcx-48q5 — db-convertor malware advisorygithub.com
- GitHubGHSA-w7hw-9wmw-hj5w — db-connector-log malware advisorygithub.com
- GitHubGHSA-wg39-m2jm-wxhp — cache-section-helper malware advisorygithub.com
- GitHubGHSA-j49r-84jx-vq3m — db-plog malware advisorygithub.com
- GitHubGHSA-w2r4-4x6j-3h5x — vitest-agent malware advisorygithub.com
- GitHubGHSA-7v96-p295-826q — @modhamanish/rn-mm-template malware advisorygithub.com