Skip to content
supplychainattack.orgSupply chain attack incident catalog
resolvedcritical

Malicious code in angylarjs (npm)

Malicious code was discovered in the angylarjs npm package. The package was identified by the OpenSSF malicious-packages project and reported via GitHub Security Advisory GHSA-qqc2-6x9j-cm25.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Unknown; depends on adoption of affected versions
Ecosystems
Attack vectors
Affected entities
  • angylarjsnpm package

The angylarjs npm package was found to contain malicious code. This incident was identified and documented by the OpenSSF's malicious-packages project, a community effort to track and catalog known malicious packages across package ecosystems.\n\nThe advisory was published on July 15, 2026, and assigned GitHub Security Advisory identifier GHSA-qqc2-6x9j-cm25. The source severity is listed as critical.\n\nNo specific details regarding the nature of the malicious payload, affected versions, or remediation steps are provided in the available source material beyond the advisory reference.

Indicators of compromise

Packages
  • angylarjs

Remediation

  • Remove angylarjs from dependencies immediately
  • Audit systems that may have installed or executed angylarjs for signs of compromise
  • Review the full advisory at https://github.com/advisories/GHSA-qqc2-6x9j-cm25 for version-specific details and mitigation guidance
  • Consider using alternative packages for the intended functionality

Sources

  1. GitHub Advisory GHSA-qqc2-6x9j-cm25 · GitHub Advisory Database

Cite this entry

"Malicious code in angylarjs (npm)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 15, 2026; last updated July 15, 2026. https://supplychainattack.org/incident/malicious-code-in-angylarjs-npm-4hwc4w

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. activecritical

    Malware in patientdocuments

    The npm package patientdocuments contains malware that grants full system compromise to an outside entity. Any computer with this package installed or running should be considered fully compromised and all secrets and keys should be rotated immediately from a different computer.

    npmCompromised package
  2. containedcritical

    Malware in js-shared-modules

    Malware was discovered in the npm package js-shared-modules. Systems with this package installed or running are considered fully compromised, with potential for complete system takeover.

    npmCompromised package
  3. activecritical

    Malware in postcss-processor-utils

    Malware discovered in the npm package postcss-processor-utils. The package grants full system compromise to attackers, requiring immediate removal and credential rotation from a clean system.

    npmCompromised package
  4. resolvedcritical

    Malware in saurus-assets

    The npm package saurus-assets contained malware that provided full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package