Open-source atomic malware analysis

Analyze another

react-icons-svgo 1.0.0

NPM
Verdict: SUSPICIOUS
“A lightweight React utility for fetching, validating, and managing SVG icons from CDN sources.”
AI Obfuscated install hook executes malicious npm command
Mal-ecule
K(Mc)O(S₄)H₄(CmDbFPo₄)Md₂(Pa₄)
Size 4.4 KB download
First seen 14 days ago
Analyzed 14 days ago
Package pkg:npm/[email protected]
Ecosystem javascript

Loading file contents…

Loading traits…

Identity

SHA-256 f7fcb551ad78d9c1ba6183b83073b1297fffe7cb610f92c1820146712a897405
Canonical SHA-256 203db3200341a61cc3ae4b9c0d3369bfe9ee5aab3f1a12cac850810b851ef945
Filename react-icons-svgo-1.0.0.tgz
Package react-icons-svgo
Version 1.0.0
PURL pkg:npm/[email protected]

Origin

Source forager
Feed aikido.dev
Ecosystem javascript
Domain npmjs.org
URL https://registry.npmjs.org/react-icons-svgo/-/react-icons-svgo-1.0.0.tgz

Timeline

First seen 27 Jun 2026 15:13 UTC
First analyzed 27 Jun 2026 16:49 UTC
Last analyzed 27 Jun 2026 16:49 UTC
Last updated 27 Jun 2026 16:49 UTC

Labeling

Label bad
Label source forager
Traits version 46112