GitHub Advisory malware sweep — ~155 npm packages (logger/tailwind/eslint/bignumber typosquats, polymarket-onchain-* crypto-drainers) taken down 2026-07-06
On 2026-07-06 GitHub's Advisory Database published ~155 CWE-506 Embedded Malicious Code advisories against npm packages — the largest single-day 2026 GHSA npm-malware sweep to date. The batch clusters into six naming families: chalk/pino/winston/*-logger pretty-print typosquats, tailwindcss/vite typosquats, eslint / *-lint-* helper squats, bignumber.js / crypto-math typosquats, chai *-as-* matcher squats, and two polymarket-onchain-* crypto-drainer slugs continuing the June cluster. npm replaced every name with 0.0.1-security.
- Detected by
- GitHub Advisory Database · npm Security
- Also known as
- 2026-07-06 GHSA npm sweep
- Ecosystems
- npm
- Packages tracked
- 162
What happened
On 2026-07-06 GitHub's Advisory Database published ~155 CWE-506 (Embedded Malicious Code) advisories against npm packages — a single-day volume that dwarfs the individual mid-week sweeps (2026-06-30 — 5 packages, 2026-07-02 — 9 packages, 2026-07-03 — 14 packages) and appears to represent a bulk backlog processing action by GHSA staff. Every record uses the standard "any computer that has this package installed or running should be considered fully compromised — rotate all secrets from a different computer" boilerplate. No payload write-ups accompany any of the GHSA texts.
Six naming clusters
1. Logger / pretty-print typosquats (~34 packages)
A sprawling cluster targeting the Node.js structured-logging vocabulary. pino-utils, pino-formatter, pino-sdk-v2, pino-pretty-logs, pretty-pino-logger, pretty-pino-loggers collide with the pino family. winston-prism, winston-js-express collide with winston. chalki-pretty, chalk-pro-logger, chalks-logger, chalk-logger-prettier, chalk-prettier, chalk-plus-ts collide with chalk + prettier. Add picocolor-logger, custom-log-viewer, color-cli-log, color-logger-console, logger-beauty, awesome-cli-logger, emojiprint-logger, emojiprint-prettier, styled-text-logger, log-format-thread, log-upgrade, elevate-log, sleek-pretty, prettier-logger. Every one of these is a plausible mistype or "prettier fork" that would slip past a lockfile review that only checks for exact-match brand names.
2. Tailwind / Vite / PostCSS typosquats (~11 packages)
Continuation of the 2026-07-02 sweep Tailwind theme. tailwindcss-animatecss-latest@2.1.0–2.1.1, tailwindcss-fonttypo-inter@2.3.2, tailwindcss-fonttype-inter@2.3.1–2.3.2, tailwindcss-svg-helper@1.17.9–1.18.0, tailwindcss-framer-motion@1.1.3, tailwind-typography-plus@2.1.0, tailwind-fonttype-inter@2.3.2, tailwind-scroller@1.0.2. Vite: vite-plugin-svg-paths@1.1.5–1.1.9, vite-plugin-compress-js@0.5.4–0.5.7, vite-config-field@1.1.0–1.1.5.
3. ESLint / lint-helper typosquats (~20 packages)
ts-eslinter, ts-lint-builds, ts-lint-builders, ts-eslint-helper, bjs-lint-builder, bjs-lint-builders, sjs-lint-build1, hjs-lint-builders, es-lint-entry, es-lint-builders, eslint-vite, eslint-helper, lint-null, lint-nule, lint-nuler, lint-builds, lint-builders, linter-entry, npm-eslint-helper, test-prettier. Naming pattern is a rebranding operator cycling through single-letter prefixes (bjs-, sjs-, hjs-, cjs-, mjs-) — same shape as the 2026-07-03 SQL cluster.
4. bignumber.js / crypto-math typosquats (~17 packages)
bigint.os, bigint.fs, bn-eslint.js, bn-math, ether-bn.js, next-bignumber.js, big-numerator, big-numer, big-numerate, big256-ts, and the prefixed set sjs-biginteger, mjs-biginteger, cjs-biginteger, bjs-biginteger, hjs-biginteger, st-biginteger, st-bigintr. Almost all versions cluster around 5.0.5+ — the same starting version as the real bignumber.js, giving the fakes a plausible "current version" if a developer skims npm search results.
5. Chai *-as-* matcher squats (5 packages)
chai-guard, chai-dec, chai-as-init, chai-as-polished, chai-as-decrypted. All plausibly typo chai-as-promised, the canonical async-assertion adapter. Same batch also includes test-prettier (fake Jest/Mocha helper).
6. Polymarket crypto-drainer continuation (2 packages)
polymarket-onchain-sdk@1.0.2–1.0.4 and polymarket-onchain-plugin@2.1.3–2.1.5 continue the Polymarket brand-collision campaign tracked from 2026-06-27's polymarket-clob-math package. Same brand, different slugs — indicative of a persistent operator working the Polymarket wallet-drainer angle across weeks.
7. Miscellaneous (~65 packages)
The remainder is a long tail of individual typosquats and throwaway names: argonflux, modulyn, syncora, stacknova, graphpilot, bytecore, peptideenv, fastnodemailer, bubblestr, subsearch, windrule-utils, typedecode, twcompose-utils, txs-data, theta-connector, theta-kit, tailstyle-core, rma-utils, sol-sdk, secure-box, set-proto-chain, router-kit, request-js-validator, react-svg-render, react-check-error, react-native-template-my-starter, react-next-dom, rollup-plugin-polyfill-handler, webpack-patch, webpack-cache-clean, motion-lib, df-vision, debug-glitzs, mongoose-json-format, mongoose-lean-hooks, metrica-node, metrica-chain, js-unimode, jsontoken-extend, jsonupper, js-crypto-promise, older_morgan, chain-await-test, bootstrap-utils, competion, btd-smart, cookie-ease, safe-validate, renderctx, classbreeze-utils, grid-settings-align, env-axios, environment-gate, express-guardrail, express-session-js, express-initial, express-dotenv, dotenv-express, db-query-log, devkit-scripts, eth-tick, eth-logger, node-env-detector, nodepathbalance54, normalize-path-seq, ts-webplug, ts-build-optimize, ts-bigtn, ts-relayer-pub, tsliverhome, npm-doc-dev, @jaime9008/math-service, xnder-sdk-js, web-pool, wime-zle, unique-id-64, random-string-64. Some carry unusually long publish histories (js-unimode 10 versions, jsontoken-extend 14 versions, df-vision 12 versions, cookie-ease 10 versions, router-kit 30+ versions) — signals of long-running operator persistence that GHSA has now cleaned up in one shot.
Registry state
Every package now resolves to a 0.0.1-security holding tarball owned by npm Security. Historical version tarballs may remain fetchable from the CDN as of 2026-07-07 and should be treated as live malware in any lockfile hit — the CDN retention window for withdrawn npm versions typically runs 24–72 hours after the security replacement lands.
Affected packages (162)
- npm
@jaime9008/math-service1.0.01.0.11.0.2 - npm
argonflux2.0.1 - npm
awesome-cli-logger1.0.01.2.0 - npm
big-numer5.0.5 - npm
big-numerate5.0.3 - npm
big-numerator5.0.35.0.6 - npm
big256-ts5.0.35.0.4 - npm
bigint.fs5.0.55.0.6 - npm
bigint.os5.0.55.0.65.0.75.0.8 - npm
bjs-biginteger5.0.55.0.6 - npm
bjs-lint-builder1.0.5 - npm
bjs-lint-builders1.0.41.0.51.1.0 - npm
bn-eslint.js8.0.5 - npm
bn-math1.0.01.0.1 - npm
bootstrap-utils4.5.05.1.1 - npm
btd-smart1.0.21.0.3 - npm
bubblestr1.1.4 - npm
bytecore5.3.1 - npm
chai-as-decrypted4.2.8 - npm
chai-as-init1.4.51.4.61.4.77.0.6 - npm
chai-as-polished7.0.8 - npm
chai-dec2.3.5 - npm
chai-guard1.0.01.2.3 - npm
chain-await-test1.3.5 - npm
chalk-logger-prettier1.0.11.0.21.0.31.0.41.0.51.0.71.0.8 - npm
chalk-plus-ts1.0.31.0.4 - npm
chalk-prettier1.0.81.0.9 - npm
chalk-pro-logger1.1.11.1.2 - npm
chalki-pretty1.0.0 - npm
chalks-logger1.0.91.1.01.1.11.1.21.1.3 - npm
cjs-biginteger5.0.35.0.55.0.6 - npm
classbreeze-utils0.7.70.7.80.7.90.7.10 - npm
color-cli-log2.0.02.1.0 - npm
color-logger-console3.1.83.1.9 - npm
competion1.8.11.8.21.8.31.8.4 - npm
cookie-ease1.0.01.0.51.0.61.0.71.0.81.0.91.1.11.1.21.1.31.1.5 - npm
custom-log-viewer1.0.0 - npm
db-query-log1.0.11.0.2 - npm
debug-glitzs1.0.01.0.11.0.21.0.31.0.4 - npm
devkit-scripts1.0.01.0.3 - npm
df-vision0.0.11.1.701.1.711.1.721.1.731.1.741.1.751.1.761.1.771.1.781.1.79 - npm
dotenv-express2.5.517.4.217.4.317.4.417.4.517.4.6 - npm
elevate-log2.0.5 - npm
emojiprint-logger1.1.05.6.2 - npm
emojiprint-prettier1.0.9 - npm
env-axios1.3.6 - npm
environment-gate7.3.57.3.6 - npm
es-lint-builders1.0.01.0.31.0.41.0.5 - npm
es-lint-entry1.0.0 - npm
eslint-helper4.0.14.0.2 - npm
eslint-vite1.0.01.0.11.0.2 - npm
eth-logger4.3.204.3.21 - npm
eth-tick7.4.177.4.18 - npm
ether-bn.js1.0.01.0.31.1.11.2.11.3.11.3.31.3.41.4.01.4.1 - npm
express-dotenv1.3.5 - npm
express-guardrail1.3.51.4.1 - npm
express-initial12.1.712.1.812.1.912.1.10 - npm
express-session-js1.0.01.19.0 - npm
fastnodemailer8.0.28.0.38.0.4 - npm
graphpilot0.1.00.1.10.1.20.1.30.1.41.0.0 - npm
grid-settings-align14.1.114.1.2 - npm
hjs-biginteger5.0.5 - npm
hjs-lint-builders1.0.4 - npm
js-crypto-promise1.0.1 - npm
js-unimode1.1.11.1.21.1.31.1.41.1.51.1.61.1.71.1.81.1.91.1.10 - npm
jsontoken-extend1.0.01.0.11.0.21.0.31.0.41.0.51.0.61.0.71.0.81.0.91.0.101.0.111.0.121.0.13 - npm
jsonupper1.0.05.1.0 - npm
lint-builders1.0.0 - npm
lint-builds1.0.01.0.5 - npm
lint-nule1.0.4 - npm
lint-nuler1.0.4 - npm
lint-null1.0.4 - npm
linter-entry1.0.0 - npm
log-format-thread1.0.01.0.1 - npm
log-upgrade7.1.0 - npm
logger-beauty1.0.11.0.21.0.31.1.02.1.1 - npm
metrica-chain2.4.5 - npm
metrica-node2.4.5 - npm
mjs-biginteger5.0.55.0.6 - npm
modulyn1.0.1 - npm
mongoose-json-format3.0.03.0.1 - npm
mongoose-lean-hooks0.5.20.5.30.5.40.5.50.5.60.5.7 - npm
motion-lib2.3.5 - npm
next-bignumber.js1.0.0 - npm
node-env-detector1.0.01.0.1 - npm
nodepathbalance541.1.0 - npm
normalize-path-seq3.8.9 - npm
npm-doc-dev1.0.41.0.51.0.61.0.71.0.81.0.91.1.01.1.1 - npm
npm-eslint-helper1.0.1 - npm
older_morgan1.0.11.0.2 - npm
peptideenv16.6.116.6.216.6.316.6.416.6.516.6.6 - npm
picocolor-logger1.0.01.0.11.0.2 - npm
pino-formatter1.1.121.1.13 - npm
pino-pretty-logs1.0.71.0.81.1.02.0.0 - npm
pino-sdk-v29.9.0 - npm
pino-utils1.3.61.4.0 - npm
polymarket-onchain-plugin2.1.32.1.42.1.5 - npm
polymarket-onchain-sdk1.0.21.0.31.0.4 - npm
prettier-logger0.1.40.1.50.1.6 - npm
pretty-pino-logger1.0.01.0.11.0.21.0.31.0.42.0.12.0.2 - npm
pretty-pino-loggers1.0.1 - npm
random-string-641.0.01.0.1 - npm
react-check-error2.1.62.1.7 - npm
react-native-template-my-starter1.0.0 - npm
react-next-dom1.0.01.1.717.2.717.2.8 - npm
react-svg-render1.0.2 - npm
renderctx1.1.1 - npm
request-js-validator1.0.21.0.31.0.4 - npm
rma-utils1.0.1 - npm
rollup-plugin-polyfill-handler1.0.01.0.1 - npm
router-kit0.1.10.1.20.1.30.1.40.1.50.1.60.1.70.2.00.2.10.2.20.2.30.2.51.0.01.0.11.0.21.0.31.2.01.2.11.2.21.2.31.2.41.2.51.2.61.3.01.3.11.3.21.3.31.3.42.0.02.0.12.1.0 - npm
safe-validate1.0.11.0.21.0.31.0.4 - npm
secure-box1.0.11.0.2 - npm
set-proto-chain1.0.3 - npm
sjs-biginteger5.0.55.0.6 - npm
sjs-builder1.0.41.0.5 - npm
sjs-builders1.0.4 - npm
sjs-lint-build11.0.4 - npm
sleek-pretty1.0.0 - npm
sol-sdk2.3.18 - npm
st-biginteger5.0.5 - npm
st-bigintr5.0.55.0.6 - npm
stacknova1.0.0 - npm
styled-text-logger1.3.1 - npm
subsearch1.0.21.0.3 - npm
syncora0.2.03.5.7 - npm
tailstyle-core0.0.1 - npm
tailwind-fonttype-inter2.3.2 - npm
tailwind-scroller1.0.2 - npm
tailwind-typography-plus2.1.0 - npm
tailwindcss-animatecss-latest2.1.02.1.1 - npm
tailwindcss-fonttype-inter2.3.12.3.2 - npm
tailwindcss-fonttypo-inter2.3.2 - npm
tailwindcss-framer-motion1.1.3 - npm
tailwindcss-svg-helper1.17.91.18.0 - npm
test-prettier1.0.9 - npm
theta-connector1.0.0 - npm
theta-kit1.0.01.0.11.0.21.0.3 - npm
ts-bigtn1.3.11.3.2 - npm
ts-build-optimize1.1.51.1.61.2.01.2.11.2.2 - npm
ts-eslint-helper4.0.14.0.24.0.34.0.44.0.5 - npm
ts-eslinter1.0.0 - npm
ts-lint-builders1.0.5 - npm
ts-lint-builds1.0.5 - npm
ts-relayer-pub1.0.0 - npm
ts-webplug3.0.53.0.63.0.73.0.8 - npm
tsliverhome1.0.01.1.11.1.21.1.31.1.41.1.5 - npm
twcompose-utils0.7.60.7.7 - npm
txs-data1.0.1 - npm
typedecode1.0.11.0.21.0.3 - npm
unique-id-641.0.0 - npm
vite-config-field1.1.01.1.11.1.21.1.31.1.41.1.5 - npm
vite-plugin-compress-js0.5.40.5.50.5.60.5.7 - npm
vite-plugin-svg-paths1.1.51.1.61.1.71.1.81.1.9 - npm
web-pool2.3.5 - npm
webpack-cache-clean0.1.4 - npm
webpack-patch1.1.71.1.81.1.91.2.0 - npm
wime-zle1.1.4 - npm
windrule-utils0.0.1 - npm
winston-js-express1.0.01.0.31.0.41.0.51.0.61.0.71.1.11.1.2 - npm
winston-prism1.0.1 - npm
xnder-sdk-js0.1.0
Impact
- Any host that installed any of the ~155 packages listed below should be treated as fully compromised — every GHSA record uses the boilerplate "rotate all secrets from a different computer" language; no patched version exists for any of them
- The
polymarket-onchain-sdk@1.0.2–1.0.4andpolymarket-onchain-plugin@2.1.3–2.1.5names continue the crypto-wallet-drainer campaign already tracked under polymarket-clob-math — same brand collision, different slugs, likely same operator - The logger / pretty-print family (
pino-*,winston-*,chalk-*,picocolor-logger,chalki-pretty,prettier-logger,styled-text-logger,sleek-pretty,emojiprint-*,logger-beauty,color-cli-log,color-logger-console,awesome-cli-logger,elevate-log,custom-log-viewer) squats the entire Node.js structured-logging naming space — 30+ distinct package names targeting the exact vocabulary a developer types when adding logging to a service - The
bignumber.js/ crypto-math cluster (bigint.os,bigint.fs,bn-eslint.js,bn-math,ether-bn.js,next-bignumber.js,big-numerator,big-numer,big-numerate,big256-ts,sjs-biginteger,mjs-biginteger,cjs-biginteger,bjs-biginteger,hjs-biginteger,st-biginteger,st-bigintr) targets developers who typo the ubiquitousbignumber.jsslug used across Ethereum/Solana tooling — many hit5.0.5+ versions to blend withbignumber.js's own version range - The tailwindcss / vite typosquat cluster (
tailwindcss-animatecss-latest,tailwindcss-fonttypo-inter,tailwindcss-fonttype-inter,tailwindcss-svg-helper,tailwindcss-framer-motion,tailwind-typography-plus,tailwind-fonttype-inter,tailwind-scroller,vite-plugin-svg-paths,vite-plugin-compress-js,vite-config-field) continues the Tailwind/Animate.css / Vite plugin theme from the 2026-07-02 sweep — the same operator or a copycat is still working the same aesthetic naming space - The chai
*-as-*matcher cluster (chai-guard,chai-dec,chai-as-init,chai-as-polished,chai-as-decrypted) plausibly squatschai-as-promised, the canonical assertion adapter for async Chai tests — anyone adding an async matcher to a test suite between publish and 2026-07-06 could have grabbed one of these
What to do
- 1Grep your lockfiles (
package-lock.json,yarn.lock,pnpm-lock.yaml) for every name in the packages map below — 155+ names is too many to eyeball. Any match is a supply-chain incident: rotate every credential the build runner could reach and re-image the build host - 2If you resolved
polymarket-onchain-sdkorpolymarket-onchain-pluginat any point: treat this as a crypto-wallet compromise. Any wallet key, seed phrase, or exchange API key that touched that machine should be rotated immediately and funds moved - 3Add the
pino-,winston-,chalk-,tailwindcss-,vite-plugin-,bignumber.js/big-*/bigint.*,eslint-,lint-, andchai-as-*name prefixes to a review gate on any package addition — the malware operators have been farming these exact naming spaces for three consecutive months - 4Verify none of the 155+ listed packages still resolves via your private mirror — internal Artifactory / Nexus / Verdaccio instances routinely cache tarballs and will keep serving the malicious versions after the public yank
- 5For the ESLint / TypeScript-lint family (
ts-lint-builds,ts-lint-builders,ts-eslinter,ts-eslint-helper,bjs-lint-*,hjs-lint-*,sjs-lint-*,es-lint-*,lint-builds,lint-builders,lint-null,lint-nule,lint-nuler,linter-entry): none of these are legitimate ESLint or TypeScript packages. The canonical slugs areeslint,@typescript-eslint/eslint-plugin,typescript-eslint - 6If your build ever resolved a
*jsonupper/js-crypto-promise/js-unimode/jsontoken-extendname: these are placeholder utility slugs common to malware operators; the mainstream JSON/JWT/promise-utility names (json5,jsonwebtoken,p-map, etc.) do not use these suffixes
References
- GitHubGitHub Advisory Database — recent npm malware advisoriesgithub.com
- GitHubGHSA-89w2-qgj2-9f2w — polymarket-onchain-sdk malware advisorygithub.com
- GitHubGHSA-29mh-pwqh-6586 — polymarket-onchain-plugin malware advisorygithub.com
- GitHubGHSA-h89m-q7rj-4hxm — rollup-plugin-polyfill-handler malware advisorygithub.com
- GitHubGHSA-99rj-fjph-w44m — react-next-dom malware advisorygithub.com
- GitHubGHSA-3xpg-2wmm-jjj2 — winston-prism malware advisorygithub.com
- GitHubGHSA-fhrx-mrfp-3fvg — winston-js-express malware advisorygithub.com
- GitHubGHSA-jc9j-qfjm-7m7f — vite-plugin-compress-js malware advisorygithub.com
- GitHubGHSA-cjj7-4xf8-fgf8 — tailwindcss-animatecss-latest malware advisorygithub.com
- GitHubGHSA-9vrr-rpr8-7hfj — pretty-pino-logger malware advisorygithub.com
- GitHubGHSA-rg2r-h6hr-96rp — @jaime9008/math-service malware advisorygithub.com