Feed
HighPublished 26 Jun 20264 packages · 7 versions

npm typosquat sweep — `pump-stream-logger`, `pump-laserstream-parser`, `pino-zod`, `rollup-plugin-polyfill-connect` yanked

Summary

On 2026-06-26 npm yanked four malicious typosquat packages within hours of each other — pump-stream-logger, pump-laserstream-parser, and pino-zod were taken down within a 10-second window at 05:10 UTC, and rollup-plugin-polyfill-connect followed at 12:16 UTC. All four are GHSA-classified as CWE-506 Embedded Malicious Code; the package names target the Helius Solana streaming SDK, the Pino logger family, the Zod validation library, and the rollup-plugin-polyfill-node Rollup plugin.

typosquatcredential-theftcrypto-wallet-drain
Detected by
GitHub Advisory Database · npm Security
Also known as
2026-06-26 GHSA sweep
Ecosystems
npm
Packages tracked
4

What happened

On 2026-06-26, GitHub's Advisory Database published four CWE-506 Embedded Malicious Code advisories against npm packages whose names typosquat well-known upstream libraries. Three of the four (pump-stream-logger, pump-laserstream-parser, pino-zod) were yanked by npm within a 10-second window at 05:10:13–05:10:23 UTC — same automated takedown sweep, almost certainly the same researcher report — and replaced with 0.0.1-security holders. The fourth, rollup-plugin-polyfill-connect, was yanked separately at 12:16 UTC the same day, likely a different report bundled into the same advisory batch.

The typosquat targets

  • pump-stream-logger (1.0.0, published 2026-06-24 05:21 UTC) — typosquats the Helius stream-pump Solana data-streaming SDK used by Pump.fun token-tracker bots. Operators who paste-deploy bot code from GitHub gists are the obvious victim profile.
  • pump-laserstream-parser (2.0.0, published 2026-06-24 05:09 UTC) — typosquats the Helius LaserStream ultra-low-latency Solana data feed. Same victim pool as above.
  • pino-zod (1.0.121, 1.0.122, published 2026-06-22 21:29 UTC and 2026-06-23 04:41 UTC) — fuses the names of two of the most-installed Node packages on npm (Pino, the structured logger; Zod, the schema validator). The high 1.0.121 starting version makes it look like a mature, well-maintained adapter package; both flagged versions ship malicious code.
  • rollup-plugin-polyfill-connect (1.0.1, 1.0.2, 1.0.3, published 2026-04-23 through 2026-04-29) — typosquats rollup-plugin-polyfill-node, FredKSchott's widely-used Rollup polyfill plugin (~600K weekly downloads). The -connect suffix rides on developer mental association with the Node connect middleware ecosystem.

Why these matter even at low download counts

The published download counts for the three Solana / logger typosquats are small (each shows a single 1.0.0 / 2.0.0 / 1.0.121 release before the security holder). But typosquats do not need volume to be dangerous — they need a single high-value hit. A Pump.fun bot operator paste-deploying a code snippet from a GitHub gist, or a front-end developer pasting a rollup-plugin-polyfill- autocomplete suggestion into a vite.config.js, is the realistic target. The GHSA recommendation is unambiguous: every host that installed the package should be treated as fully compromised.

Disclosure timeline

  • 2026-04-23 – 2026-04-29rollup-plugin-polyfill-connect@1.0.1 through 1.0.3 published.
  • 2026-06-22 21:29 UTCpino-zod@1.0.121 published.
  • 2026-06-23 04:41 UTCpino-zod@1.0.122 published.
  • 2026-06-24 05:09 UTCpump-laserstream-parser@2.0.0 published.
  • 2026-06-24 05:21 UTCpump-stream-logger@1.0.0 published.
  • 2026-06-26 05:10:13–05:10:23 UTC — npm yanks pump-stream-logger, pump-laserstream-parser, and pino-zod in a 10-second automated sweep.
  • 2026-06-26 12:16 UTC — npm yanks rollup-plugin-polyfill-connect.
  • 2026-06-26 — GitHub publishes GHSA-64m4-w85f-wrjj, GHSA-cwr6-c222-8hwf, GHSA-j7hj-qc4f-x92f, and GHSA-97cf-xxww-v429 for the four packages, all classified as CWE-506 Embedded Malicious Code with the same "rotate all secrets" guidance.

Affected packages (4)

  • npmpino-zod
    1.0.1211.0.122
  • npmpump-laserstream-parser
    2.0.0
  • npmpump-stream-logger
    1.0.0
  • npmrollup-plugin-polyfill-connect
    1.0.11.0.21.0.3

Impact

  • Any host that installed any of the four packages should be treated as fully compromised — GitHub's advisory text recommends rotating every secret and key from a separate clean device
  • pump-stream-logger / pump-laserstream-parser typosquat Helius LaserStream / Solana stream-pump packages used by Solana Pump.fun token-tracker bots — wallet keys, private RPC tokens, and the host's on-chain operating capital are the obvious targets
  • pino-zod typosquats two of the most-installed logging + validation libraries in the Node ecosystem (Pino has >250M weekly downloads, Zod >50M); the name combines them to ride autocomplete from common pino-* plugins
  • rollup-plugin-polyfill-connect typosquats the FredKSchott rollup-plugin-polyfill-node Rollup plugin (~600K weekly downloads); any Rollup-based front-end build that picked up the wrong slug shipped attacker code into a production bundle

What to do

  1. 1Remove every reference to pump-stream-logger, pump-laserstream-parser, pino-zod, and rollup-plugin-polyfill-connect from package.json, lockfiles, CI image layers, and committed node_modules
  2. 2Re-install using the legitimate upstream names — @helius-labs/laserstream-sdk (npm) / helius-laserstream (crates) for Solana streaming, pino and zod directly (no fused package needed), and rollup-plugin-polyfill-node (no -connect suffix)
  3. 3For Solana / Pump.fun bot operators that installed pump-stream-logger or pump-laserstream-parser between 2026-06-24 (first publish) and 2026-06-26 05:10 UTC (yank): rotate Helius API keys and RPC tokens, audit wallet activity on every hot wallet reachable from the host, and re-seed any wallet whose private key sat in .env or the shell environment
  4. 4For Rollup users that pulled rollup-plugin-polyfill-connect between 2026-04-23 (first publish) and 2026-06-26 12:16 UTC (yank): rebuild any production bundles with the legitimate plugin and audit the deployed JavaScript for unexpected runtime fetches
  5. 5Verify the affected packages do not resolve via your private mirror — many internal Artifactory / Nexus / Verdaccio instances cache npm tarballs and will continue to serve the malicious version after the public yank

References

npm-2026-06-26-pump-pino-rollup-typosquat-sweep