“A lightweight React utility for fetching, validating, and managing SVG icons from CDN sources.”
AI
Obfuscated install hook executes malicious npm command
Local reference
Suspicious dependency
Inferred
Mal-ecule
K(Mc)O(S₄)H₄(CmDbFPo₄)Md₂(Pa₄)
Loading file contents…
Loading traits…
Identity
| SHA-256 | f7fcb551ad78d9c1ba6183b83073b1297fffe7cb610f92c1820146712a897405 |
|---|---|
| Canonical SHA-256 | 203db3200341a61cc3ae4b9c0d3369bfe9ee5aab3f1a12cac850810b851ef945 |
| Filename | react-icons-svgo-1.0.0.tgz |
| Package | react-icons-svgo |
| Version | 1.0.0 |
| PURL | pkg:npm/[email protected] |
Origin
| Source | forager |
|---|---|
| Feed | aikido.dev |
| Ecosystem | javascript |
| Domain | npmjs.org |
| URL | https://registry.npmjs.org/react-icons-svgo/-/react-icons-svgo-1.0.0.tgz |
Timeline
| First seen | 27 Jun 2026 15:13 UTC |
|---|---|
| First analyzed | 27 Jun 2026 16:49 UTC |
| Last analyzed | 27 Jun 2026 16:49 UTC |
| Last updated | 27 Jun 2026 16:49 UTC |
Labeling
| Label | bad |
|---|---|
| Label source | forager |
| Traits version | 46112 |
Not seeing what you expected? Let us know