Feed
HighPublished 2 Jul 20269 packages · 22 versions

GitHub Advisory malware sweep — 9 npm packages (tailwind/animate typosquats, db-* cluster, `vitest-agent`) taken down 2026-07-02

Summary

On 2026-07-02 GitHub's Advisory Database dropped 9 CWE-506 Embedded Malicious Code advisories against npm packages published between 2026-05-24 and 2026-07-01. Three distinct micro-clusters were retired within minutes of each other: a Tailwind/animate typosquat trio (animatecss-postcss-plugin, tailwind-animates, tailwind-typography-stylecss), a db-* / cache-* fake-utility quartet, and the standalone vitest-agent Vitest typosquat plus one scoped React Native template. npm replaced every name with a 0.0.1-security holding tarball.

typosquatcredential-theft
Detected by
GitHub Advisory Database · npm Security
Also known as
2026-07-02 GHSA npm sweep
Ecosystems
npm
Packages tracked
9

What happened

Between 2026-07-02 09:47 UTC and 14:55 UTC, GitHub's Advisory Database published 9 malware advisories against npm packages. Every record uses CWE-506 (Embedded Malicious Code) with the standard "any computer that has this package installed or running should be considered fully compromised — rotate all secrets from a different computer" boilerplate. No payload write-up is included in any of the GHSA texts, so defenders should treat the install-time behaviour as unanalysed and assume worst case for anything that reached a build host.

Three take-down bursts within five hours

The 9 advisories cluster into three distinct time buckets, and each bucket read as its own report:

  • 09:47 UTC — vitest-agent (GHSA-w2r4-4x6j-3h5x). Three versions (1.0.0 published 2026-06-25, 1.0.5 and 1.0.6 both 2026-07-01) taken down within 24 hours of the last push. Straight-up Vitest typosquat.
  • *13:16 UTC — `db- / cache-` quartet.* db-convertor@1.0.5, db-connector-log@1.0.0 + 1.0.1, cache-section-helper@1.0.7, db-plog@1.0.0 + 1.0.1 — GHSA advisories GHSA-p467-3jcx-48q5, GHSA-w7hw-9wmw-hj5w, GHSA-wg39-m2jm-wxhp, GHSA-j49r-84jx-vq3m published within a 20-second window. Package upload dates span 2026-06-10 → 2026-06-30, so the operator sat on the registry for up to 22 days before the yank.
  • 14:55 UTC — Tailwind / Animate.css typosquat trio. animatecss-postcss-plugin@1.0.0 + 1.0.1 (both 2026-06-02), tailwind-animates@1.0.1 (2026-06-03), tailwind-typography-stylecss@0.8.3 (2026-05-24) — GHSA GHSA-p6ch-cw7w-ff5c, GHSA-3cr6-gpr8-pjfm, GHSA-p258-w6jm-c6ff published within a 30-second window. All three names collide with legitimate CSS-tooling brands: tailwindcss-animate (singular), @tailwindcss/typography, and postcss-preset-env are the correct spellings.

The fourth ID in the same window — @modhamanish/rn-mm-template@≤1.1.3 (GHSA-7v96-p295-826q) — does not fit any of the three sub-clusters. The scope is a personal namespace, and the package published 8+ visible versions across 5 months (2026-01-02 → 2026-05-15) before being flagged. The React Native "template" identity looks like a supply-chain long play rather than a same-week typosquat push.

Overlap with prior sweeps

  • The 2026-06-30 GHSA sweep (see npm-2026-06-30-ghsa-malware-sweep) yanked postcss-property-rollup, chai-as-persisted, chai-as-assured, and 15 other CSS / typosquat brands under the same CWE-506 template. The 2026-07-02 sweep continues the same triage cadence — GitHub is retiring these in daily-to-every-other-day batches, and the total July 2026 npm-malware count is on track to exceed the June sweep.
  • No campaign attribution is public for any of the 9 packages. The Tailwind trio's tight 30-second GHSA window and the db-* quartet's 20-second window suggest coordinated single-actor reports rather than a mass sweep of unrelated submissions. Whether either cluster ties back to Miasma / TeamPCP or the SafeDep-tracked oob.moika.tech dep-confusion family is not established in public research as of 2026-07-03.

Registry state

Every package now resolves to a 0.0.1-security holding tarball owned by npm Security. tailwind-typography-stylecss@0.8.3 remains listed on the package page alongside the holding tarball, which is unusual — the historical version is still fetchable from the CDN as of 2026-07-03 and should be treated as live malware in any lockfile hit.

Affected packages (9)

  • npm@modhamanish/rn-mm-template
    1.0.11.0.21.0.31.0.41.0.51.1.01.1.11.1.21.1.3
  • npmanimatecss-postcss-plugin
    1.0.01.0.1
  • npmcache-section-helper
    1.0.7
  • npmdb-connector-log
    1.0.01.0.1
  • npmdb-convertor
    1.0.5
  • npmdb-plog
    1.0.01.0.1
  • npmtailwind-animates
    1.0.1
  • npmtailwind-typography-stylecss
    0.8.3
  • npmvitest-agent
    1.0.01.0.51.0.6

Impact

  • Any host that installed any of the listed packages should be treated as fully compromised — every GHSA record uses the boilerplate "rotate all secrets from a different computer" language and no patched version exists
  • vitest-agent@1.0.0 / 1.0.5 / 1.0.6 typosquats the widely-used vitest test runner (~20M weekly downloads) — a plausible slug for a "vitest-adjacent CI helper" that a developer might paste into package.json without a second look
  • animatecss-postcss-plugin, tailwind-animates, and tailwind-typography-stylecss piggy-back on the Tailwind CSS and Animate.css ecosystems — three parallel typosquats retired in the same 30-second window on 2026-07-02 (14:55 UTC) suggest one operator hedging autocomplete drift across three CSS-tooling naming spaces
  • The db-* quartet (db-convertor, db-connector-log, db-plog, cache-section-helper) shipped on 2026-06-10 → 2026-06-30 and were all retired in a single 20-second GHSA burst on 2026-07-02 (13:16 UTC) — the near-simultaneous take-down indicates GitHub triaged them as one report even though the names read as unrelated database / caching helpers
  • @modhamanish/rn-mm-template shipped 8+ visible versions between 2026-01-02 and 2026-05-15 under a scoped React Native "template" identity before its 2026-07-02 take-down — a long-lived brand rather than a one-off push, which raises the odds that boilerplate-scanner CI ingested the malware at some point in that 5-month window

What to do

  1. 1Remove every reference to any package in the packages map below from package.json, lockfiles, CI image layers, and committed node_modules
  2. 2If your build ever resolved vitest-agent: this is not a legitimate Vitest utility — the official test runner is vitest, and the vitest-agent slug is now the malware slot. Rotate every credential the build runner could reach from a separate clean device
  3. 3CSS tooling: the legitimate Tailwind slugs are tailwindcss, @tailwindcss/*, and tailwindcss-animate (note the trailing singular -animate, not -animates). The legitimate PostCSS + Animate.css bridge is animate.css published under scope-free animate.css — never animatecss-postcss-plugin
  4. 4React Native developers who pinned @modhamanish/rn-mm-template at any point in 2026-01 → 2026-05 should treat the build host as compromised, roll new Google Play / App Store signing keys from a separate clean device, and hunt for exfil to any host contacted during a pod install / metro start in that window
  5. 5Verify none of the listed packages still resolves via your private mirror — internal Artifactory / Nexus / Verdaccio instances routinely cache tarballs and will continue to serve the malicious version after the public yank
  6. 6Add the vitest-agent, tailwind-animates, animatecss-postcss-plugin, and db-* prefixes to a package-name allowlist review gate — the naming space around Vitest, Tailwind, and generic db-* helpers is being farmed for typosquats

References

npm-2026-07-02-ghsa-malware-sweep