Mal-ecule
O(S)H(Po)Md(Pa₇)
Well-known
component severity, 100% confident.
malware/stealer
Regex component marker
Objectives
suspicious severity, 92% confident.
supply-chain/metadata-anomaly/manifest
npm script backgrounds shell sidecar
baseline severity, 80% confident.
credential-access/financial
Field filter returns true
component severity, 100% confident.
anti-static/obfuscation/code-metrics
Interface declaration source context
component severity, 100% confident.
anti-static/obfuscation/payload
Source map file extension
component severity, 100% confident.
anti-static/obfuscation/string
JavaScript hashed bundle basename
component severity, 100% confident.
impact/destroy
package defines test script
component severity, 100% confident.
supply-chain/metadata-anomaly/dependency
npm package declares lint script
Micro-behaviors
notable severity, 70% confident.
process/interpreter
JavaScript new Function constructor
baseline severity, 90% confident.
data/source
Prototype guard keyword
baseline severity, 70% confident.
data/source/syntax
Function constructor keyword
Metadata
notable severity, 90% confident.
package
Package has TypeScript support
notable severity, 90% confident.
package/fields
Package has TypeScript types entry
baseline severity, 95% confident.
import
imports import
baseline severity, 95% confident.
import/npm::internals
imports @internals/utils from 0.0.0
baseline severity, 95% confident.
import/npm::kubb
imports @kubb/plugin-faker from 4.37.8
baseline severity, 100% confident.
lang
javascript code embedded in string
baseline severity, 100% confident.
lang/encoded
JavaScript file basename
baseline severity, 90% confident.
library
Vite/Rollup vendor chunk basename
execution
notable severity, 90% confident.
script
Script 'release:canary' executes node interpreter
20 of 41 traits shown
Identity
| SHA-256 | a8fa8e0a9bb364c01e5f18609e4859de121d9800b79f51d4c8ed80d2e33cac5b |
|---|---|
| Canonical SHA-256 | 08489b93a2d4ff6ef85e36da98a535100c818c9ef4b3b02436dbc2146960773c |
| Filename | @kubb-plugin-msw-4.37.8.tgz |
| Package | @kubb |
| Version | 4.37.8 |
Origin
| Source | harvest |
|---|---|
| Feed | npmjs.org |
| Ecosystem | javascript |
| Domain | npmjs.org |
Timeline
| First seen | 23 May 2026 17:24 UTC |
|---|---|
| First analyzed | 24 May 2026 19:07 UTC |
| Last analyzed | 24 May 2026 19:07 UTC |
| Last updated | 24 May 2026 19:07 UTC |
Labeling
| Label | unknown |
|---|---|
| Label source | harvest |
| Traits version | 9ea7c |
Not seeing what you expected? Let us know