Feed
HighPublished 3 Jul 202614 packages · 73 versions

GitHub Advisory malware sweep — 14 npm packages (TypeScript/API util family, SQL/node-cloud scoped cluster, `@lodash-en` typosquat) taken down 2026-07-03

Summary

On 2026-07-03 GitHub's Advisory Database dropped 14 CWE-506 Embedded Malicious Code advisories against npm packages, all retired inside a ~30-minute window (15:36–16:06 UTC). The sweep spans three distinct micro-clusters: an unscoped *-node-utils / *-api-* TypeScript/API-helper family (5 packages, 20+ versions), a SQL-and-cloud scoped cluster on personal namespaces (@sql-access/, @sqlite-node/, @sql-trigger/, @node-cloud/), and three miscellaneous typosquats including @lodash-en/lodash-en. npm replaced every name with 0.0.1-security.

typosquatcredential-theft
Detected by
GitHub Advisory Database · npm Security
Also known as
2026-07-03 GHSA npm sweep
Ecosystems
npm
Packages tracked
14

What happened

Between 2026-07-03 15:36 UTC and 16:06 UTC — a tight ~30-minute window — GitHub's Advisory Database published 14 malware advisories against npm packages. Every record uses CWE-506 (Embedded Malicious Code) with the standard "any computer that has this package installed or running should be considered fully compromised — rotate all secrets from a different computer" boilerplate. No payload write-up is included in any of the GHSA texts, so defenders should treat the install-time behaviour as unanalysed and assume worst case for anything that reached a build host.

Three micro-clusters, one sweep

The 14 advisories cluster into three groups by naming and time:

  • 15:57–16:06 UTC — TypeScript/API utility family (5 unscoped packages). api-node-utils@2.2.4, api-ts-utils@1.0.03.5.9 (9 versions), web-api-node@1.3.2/1.3.3, ts-node-utils@8.0.1/8.0.4/8.0.6, typescript-util-core@3.5.07.1.6 (4 versions). All published 2026-04-22 → 2026-05-04, all retired within the same 9-minute window on 2026-07-03. The name shapes — generic *-node-utils / *-api-* — read as one operator farming the "TypeScript/Node utility helper" naming space with plausible drop-in slugs.
  • 15:57–15:58 UTC — SQL / node-cloud scoped cluster (4 scoped packages). @sql-access/nodesql (17 versions, 2026-06-02 → 2026-06-23), @sqlite-node/createsql (16 versions, 2026-06-03 → 2026-06-23), @sql-trigger/nodesql (3 versions, 2026-06-03 → 2026-06-23), @node-cloud/create (7 versions, 2026-06-03 → 2026-06-29). Each scope hosts exactly one package — throwaway namespaces sized to hold one malware slot each. The near-daily republish cadence (16 versions in 21 days for @sqlite-node/createsql) is characteristic of a persistence-driven operator rebuilding after every automated npm flag.
  • 15:36–15:57 UTC — Miscellaneous typosquats (5 packages). @jacobtan/decode-sdk@1.0.0 (2026-02-21), decode-sdks@1.0.01.0.3 (2026-02-21), @lodash-en/lodash-en@1.4.11/1.5.0 (2026-03-04), alder_morrgan@1.0.0/1.0.1 (2025-12-01), @antoncarlos1/nodelamp@1.0.0/1.0.1 (2026-06-02). Longest-lived member: alder_morrgan at 7 months. @lodash-en/lodash-en is the sweep's clearest brand collision — a scoped fake-lodash slug that has been live since March.

Contrast with the 2026-07-02 sweep

The 2026-07-02 GHSA sweep retired 9 packages across three sub-clusters (Tailwind/Animate.css typosquats, db-* / cache-* fake-utility quartet, vitest-agent, @modhamanish/rn-mm-template) with take-down bursts spread over ~5 hours. The 2026-07-03 sweep compresses 14 retirements into ~30 minutes — GitHub is clearly triaging these as bulk reports rather than one-by-one confirmations. Combined July 2026 npm-malware count for just the first three days: 32 packages across 23 advisories.

Attribution and downstream links

No campaign attribution is public for any of the 14 packages as of 2026-07-04. The tight time clustering and the shared "unremarkable utility slug" pattern suggests either a single operator or a small ring, but the GHSA texts do not name a threat actor and no vendor (Socket, JFrog, Phylum, Wiz, Aikido) has published a write-up specific to this sweep yet. Whether any of these packages tie back to Miasma / TeamPCP / Hades / the SafeDep-tracked oob.moika.tech family that has driven most 2026 npm malware activity is not established in public research as of 2026-07-04.

Registry state

Every package now resolves to a 0.0.1-security holding tarball owned by npm Security. Historical version tarballs remain fetchable from the CDN as of 2026-07-04 and should be treated as live malware in any lockfile hit — the CDN retention window for withdrawn npm versions typically runs 24–72 hours after the security replacement lands.

Affected packages (14)

  • npm@antoncarlos1/nodelamp
    1.0.01.0.1
  • npm@jacobtan/decode-sdk
    1.0.0
  • npm@lodash-en/lodash-en
    1.4.111.5.0
  • npm@node-cloud/create
    1.0.01.0.11.0.21.0.31.0.41.0.51.0.6
  • npm@sql-access/nodesql
    1.0.01.0.31.0.51.0.61.0.71.0.81.0.91.1.01.1.11.1.21.1.31.1.41.1.51.1.61.1.71.1.81.1.9
  • npm@sql-trigger/nodesql
    1.0.01.0.11.0.2
  • npm@sqlite-node/createsql
    1.0.11.0.21.0.31.0.41.0.51.0.61.0.71.0.81.0.91.1.01.1.11.1.21.1.31.1.41.1.51.1.7
  • npmalder_morrgan
    1.0.01.0.1
  • npmapi-node-utils
    2.2.4
  • npmapi-ts-utils
    1.0.02.1.32.1.43.2.13.2.23.4.73.4.83.4.93.5.9
  • npmdecode-sdks
    1.0.01.0.11.0.21.0.3
  • npmts-node-utils
    8.0.18.0.48.0.6
  • npmtypescript-util-core
    3.5.07.1.37.1.57.1.6
  • npmweb-api-node
    1.3.21.3.3

Impact

  • Any host that installed any of the 14 listed packages should be treated as fully compromised — every GHSA record uses the boilerplate "rotate all secrets from a different computer" language and no patched version exists
  • The api-ts-utils, ts-node-utils, typescript-util-core, web-api-node, and api-node-utils family was published between 2026-04-22 and 2026-05-04 — up to 73 days sat in the registry before the 2026-07-03 GHSA take-down. api-ts-utils alone shipped 9 versions in a 12-day burst (1.0.03.5.9, 2026-04-22 → 2026-05-04) — anyone who resolved this family in Q2 2026 should assume compromise for that build host
  • @lodash-en/lodash-en@1.4.11 / 1.5.0 typosquats the ubiquitous lodash utility library (~40M weekly downloads) by hiding under a fake "lodash-en" scope — a plausible slug for an "English-language lodash fork" that a developer might paste in without a second look. The versions shipped 2026-03-04, sitting live for ~4 months before take-down
  • The scoped SQL cluster (@sql-access/nodesql, @sqlite-node/createsql, @sql-trigger/nodesql, @node-cloud/create) shipped 40+ combined versions between 2026-06-02 and 2026-06-29 — near-daily republish cadence typical of a persistence-driven malware operator rebuilding after each npm auto-flag. @sql-access/nodesql and @sqlite-node/createsql each shipped 16–17 versions, both hitting 1.1.x before the take-down
  • decode-sdks (unscoped) + @jacobtan/decode-sdk (scoped) are paired by name — same "decode SDK" concept, same 2026-02-21 publish date — and were retired within 24 seconds of each other (15:36:53 UTC → 15:37 UTC). Both were live for ~4.5 months before take-down; anyone who resolved either between Feb and July 2026 should treat the build host as compromised
  • alder_morrgan@1.0.0 / 1.0.1 (snake_case, unusual) shipped 2025-12-01 — the oldest in the sweep at 7 months live. The publisher chose an unusual name convention that would slip typosquat scanners looking for standard kebab-case brand collisions

What to do

  1. 1Remove every reference to any package in the packages map below from package.json, lockfiles, CI image layers, and committed node_modules
  2. 2If your build ever resolved any of the *-node-utils, *-ts-utils, *-api-* names in Q2 2026: these are not legitimate utility libraries — the mainstream slugs are ts-node, tsx, and @types/node. Rotate every credential the build runner could reach from a separate clean device
  3. 3The legitimate lodash package is lodash (unscoped), and its English-language docs live at lodash.com@lodash-en/lodash-en is not a lodash publisher scope. Any lockfile that references it should be treated as a supply-chain incident
  4. 4If you resolved decode-sdks or @jacobtan/decode-sdk between 2026-02-21 and 2026-07-03: 4.5 months of live time — assume long-running exfil from anything the build host could reach. Rotate every credential and re-image the build runner
  5. 5Verify none of the 14 listed packages still resolves via your private mirror — internal Artifactory / Nexus / Verdaccio instances routinely cache tarballs and will continue to serve the malicious versions after the public yank
  6. 6Add the *-node-utils, *-api-*, @sql-*, @sqlite-node, @node-cloud, and @lodash-* name prefixes to a package-name allowlist review gate — the naming space around generic TypeScript / SQL / cloud helpers is being farmed for typosquats and personal-scope malware slots

References

npm-2026-07-03-ghsa-malware-sweep