GitHub Advisory malware sweep — 14 npm packages (TypeScript/API util family, SQL/node-cloud scoped cluster, `@lodash-en` typosquat) taken down 2026-07-03
On 2026-07-03 GitHub's Advisory Database dropped 14 CWE-506 Embedded Malicious Code advisories against npm packages, all retired inside a ~30-minute window (15:36–16:06 UTC). The sweep spans three distinct micro-clusters: an unscoped *-node-utils / *-api-* TypeScript/API-helper family (5 packages, 20+ versions), a SQL-and-cloud scoped cluster on personal namespaces (@sql-access/, @sqlite-node/, @sql-trigger/, @node-cloud/), and three miscellaneous typosquats including @lodash-en/lodash-en. npm replaced every name with 0.0.1-security.
- Detected by
- GitHub Advisory Database · npm Security
- Also known as
- 2026-07-03 GHSA npm sweep
- Ecosystems
- npm
- Packages tracked
- 14
What happened
Between 2026-07-03 15:36 UTC and 16:06 UTC — a tight ~30-minute window — GitHub's Advisory Database published 14 malware advisories against npm packages. Every record uses CWE-506 (Embedded Malicious Code) with the standard "any computer that has this package installed or running should be considered fully compromised — rotate all secrets from a different computer" boilerplate. No payload write-up is included in any of the GHSA texts, so defenders should treat the install-time behaviour as unanalysed and assume worst case for anything that reached a build host.
Three micro-clusters, one sweep
The 14 advisories cluster into three groups by naming and time:
- 15:57–16:06 UTC — TypeScript/API utility family (5 unscoped packages).
api-node-utils@2.2.4,api-ts-utils@1.0.0→3.5.9(9 versions),web-api-node@1.3.2/1.3.3,ts-node-utils@8.0.1/8.0.4/8.0.6,typescript-util-core@3.5.0→7.1.6(4 versions). All published 2026-04-22 → 2026-05-04, all retired within the same 9-minute window on 2026-07-03. The name shapes — generic*-node-utils/*-api-*— read as one operator farming the "TypeScript/Node utility helper" naming space with plausible drop-in slugs. - 15:57–15:58 UTC — SQL / node-cloud scoped cluster (4 scoped packages).
@sql-access/nodesql(17 versions, 2026-06-02 → 2026-06-23),@sqlite-node/createsql(16 versions, 2026-06-03 → 2026-06-23),@sql-trigger/nodesql(3 versions, 2026-06-03 → 2026-06-23),@node-cloud/create(7 versions, 2026-06-03 → 2026-06-29). Each scope hosts exactly one package — throwaway namespaces sized to hold one malware slot each. The near-daily republish cadence (16 versions in 21 days for@sqlite-node/createsql) is characteristic of a persistence-driven operator rebuilding after every automated npm flag. - 15:36–15:57 UTC — Miscellaneous typosquats (5 packages).
@jacobtan/decode-sdk@1.0.0(2026-02-21),decode-sdks@1.0.0→1.0.3(2026-02-21),@lodash-en/lodash-en@1.4.11/1.5.0(2026-03-04),alder_morrgan@1.0.0/1.0.1(2025-12-01),@antoncarlos1/nodelamp@1.0.0/1.0.1(2026-06-02). Longest-lived member:alder_morrganat 7 months.@lodash-en/lodash-enis the sweep's clearest brand collision — a scoped fake-lodash slug that has been live since March.
Contrast with the 2026-07-02 sweep
The 2026-07-02 GHSA sweep retired 9 packages across three sub-clusters (Tailwind/Animate.css typosquats, db-* / cache-* fake-utility quartet, vitest-agent, @modhamanish/rn-mm-template) with take-down bursts spread over ~5 hours. The 2026-07-03 sweep compresses 14 retirements into ~30 minutes — GitHub is clearly triaging these as bulk reports rather than one-by-one confirmations. Combined July 2026 npm-malware count for just the first three days: 32 packages across 23 advisories.
Attribution and downstream links
No campaign attribution is public for any of the 14 packages as of 2026-07-04. The tight time clustering and the shared "unremarkable utility slug" pattern suggests either a single operator or a small ring, but the GHSA texts do not name a threat actor and no vendor (Socket, JFrog, Phylum, Wiz, Aikido) has published a write-up specific to this sweep yet. Whether any of these packages tie back to Miasma / TeamPCP / Hades / the SafeDep-tracked oob.moika.tech family that has driven most 2026 npm malware activity is not established in public research as of 2026-07-04.
Registry state
Every package now resolves to a 0.0.1-security holding tarball owned by npm Security. Historical version tarballs remain fetchable from the CDN as of 2026-07-04 and should be treated as live malware in any lockfile hit — the CDN retention window for withdrawn npm versions typically runs 24–72 hours after the security replacement lands.
Affected packages (14)
- npm
@antoncarlos1/nodelamp1.0.01.0.1 - npm
@jacobtan/decode-sdk1.0.0 - npm
@lodash-en/lodash-en1.4.111.5.0 - npm
@node-cloud/create1.0.01.0.11.0.21.0.31.0.41.0.51.0.6 - npm
@sql-access/nodesql1.0.01.0.31.0.51.0.61.0.71.0.81.0.91.1.01.1.11.1.21.1.31.1.41.1.51.1.61.1.71.1.81.1.9 - npm
@sql-trigger/nodesql1.0.01.0.11.0.2 - npm
@sqlite-node/createsql1.0.11.0.21.0.31.0.41.0.51.0.61.0.71.0.81.0.91.1.01.1.11.1.21.1.31.1.41.1.51.1.7 - npm
alder_morrgan1.0.01.0.1 - npm
api-node-utils2.2.4 - npm
api-ts-utils1.0.02.1.32.1.43.2.13.2.23.4.73.4.83.4.93.5.9 - npm
decode-sdks1.0.01.0.11.0.21.0.3 - npm
ts-node-utils8.0.18.0.48.0.6 - npm
typescript-util-core3.5.07.1.37.1.57.1.6 - npm
web-api-node1.3.21.3.3
Impact
- Any host that installed any of the 14 listed packages should be treated as fully compromised — every GHSA record uses the boilerplate "rotate all secrets from a different computer" language and no patched version exists
- The
api-ts-utils,ts-node-utils,typescript-util-core,web-api-node, andapi-node-utilsfamily was published between 2026-04-22 and 2026-05-04 — up to 73 days sat in the registry before the 2026-07-03 GHSA take-down.api-ts-utilsalone shipped 9 versions in a 12-day burst (1.0.0→3.5.9, 2026-04-22 → 2026-05-04) — anyone who resolved this family in Q2 2026 should assume compromise for that build host @lodash-en/lodash-en@1.4.11/1.5.0typosquats the ubiquitouslodashutility library (~40M weekly downloads) by hiding under a fake "lodash-en" scope — a plausible slug for an "English-language lodash fork" that a developer might paste in without a second look. The versions shipped 2026-03-04, sitting live for ~4 months before take-down- The scoped SQL cluster (
@sql-access/nodesql,@sqlite-node/createsql,@sql-trigger/nodesql,@node-cloud/create) shipped 40+ combined versions between 2026-06-02 and 2026-06-29 — near-daily republish cadence typical of a persistence-driven malware operator rebuilding after each npm auto-flag.@sql-access/nodesqland@sqlite-node/createsqleach shipped 16–17 versions, both hitting1.1.xbefore the take-down decode-sdks(unscoped) +@jacobtan/decode-sdk(scoped) are paired by name — same "decode SDK" concept, same 2026-02-21 publish date — and were retired within 24 seconds of each other (15:36:53 UTC → 15:37 UTC). Both were live for ~4.5 months before take-down; anyone who resolved either between Feb and July 2026 should treat the build host as compromisedalder_morrgan@1.0.0/1.0.1(snake_case, unusual) shipped 2025-12-01 — the oldest in the sweep at 7 months live. The publisher chose an unusual name convention that would slip typosquat scanners looking for standard kebab-case brand collisions
What to do
- 1Remove every reference to any package in the packages map below from
package.json, lockfiles, CI image layers, and committednode_modules - 2If your build ever resolved any of the
*-node-utils,*-ts-utils,*-api-*names in Q2 2026: these are not legitimate utility libraries — the mainstream slugs arets-node,tsx, and@types/node. Rotate every credential the build runner could reach from a separate clean device - 3The legitimate lodash package is
lodash(unscoped), and its English-language docs live atlodash.com—@lodash-en/lodash-enis not a lodash publisher scope. Any lockfile that references it should be treated as a supply-chain incident - 4If you resolved
decode-sdksor@jacobtan/decode-sdkbetween 2026-02-21 and 2026-07-03: 4.5 months of live time — assume long-running exfil from anything the build host could reach. Rotate every credential and re-image the build runner - 5Verify none of the 14 listed packages still resolves via your private mirror — internal Artifactory / Nexus / Verdaccio instances routinely cache tarballs and will continue to serve the malicious versions after the public yank
- 6Add the
*-node-utils,*-api-*,@sql-*,@sqlite-node,@node-cloud, and@lodash-*name prefixes to a package-name allowlist review gate — the naming space around generic TypeScript / SQL / cloud helpers is being farmed for typosquats and personal-scope malware slots
References
- GitHubGitHub Advisory Database — recent npm malware advisoriesgithub.com
- GitHubGHSA-mjvg-2r5j-mg76 — ts-node-utils malware advisorygithub.com
- GitHubGHSA-84mg-p866-528x — typescript-util-core malware advisorygithub.com
- GitHubGHSA-j69c-7q52-h87f — web-api-node malware advisorygithub.com
- GitHubGHSA-3w2r-9f5g-prj8 — api-ts-utils malware advisorygithub.com
- GitHubGHSA-wj6w-3grq-735j — api-node-utils malware advisorygithub.com
- GitHubGHSA-j23f-jg9h-gjmc — alder_morrgan malware advisorygithub.com
- GitHubGHSA-qpx3-6fx4-259q — @sql-access/nodesql malware advisorygithub.com
- GitHubGHSA-558p-3gxf-hm84 — @node-cloud/create malware advisorygithub.com
- GitHubGHSA-9f9w-wg5j-m53j — @sql-trigger/nodesql malware advisorygithub.com
- GitHubGHSA-9w2p-6gjc-vrqv — @sqlite-node/createsql malware advisorygithub.com
- GitHubGHSA-c3r7-wcqm-j4v8 — @antoncarlos1/nodelamp malware advisorygithub.com
- GitHubGHSA-37qp-frv4-562v — @lodash-en/lodash-en malware advisorygithub.com
- GitHubGHSA-gv37-287r-g9vx — decode-sdks malware advisorygithub.com
- GitHubGHSA-3mg6-vg6x-m62v — @jacobtan/decode-sdk malware advisorygithub.com