Skip to content
supplychainattack.orgSupply chain attack incident catalog
activecritical

Malware in ai-sdk-ollama

Malware discovered in the ai-sdk-ollama npm package. Systems with this package installed are considered fully compromised and require immediate remediation.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with ai-sdk-ollama installed or running
Ecosystems
npmAI agents & skills
Attack vectors
Compromised package
Affected entities
  • ai-sdk-ollamanpm package

A critical malware incident has been identified in the ai-sdk-ollama npm package. According to the GitHub Security Advisory (GHSA-m9j7-x8ww-5jwr), any computer with this package installed or running should be considered fully compromised.\n\nThe advisory recommends that all secrets and keys stored on affected computers be rotated immediately from a different, uncompromised system. While the package should be removed, there is no guarantee that removal will eliminate all malicious software that may have been installed as a result of the package compromise.\n\nThis is a supply chain attack affecting the npm ecosystem through a compromised package in the AI/LLM tooling space.

Indicators of compromise

Packages
  • ai-sdk-ollama

Remediation

  • Immediately isolate any system with ai-sdk-ollama installed from the network
  • Rotate all secrets, API keys, and credentials from a different, uncompromised computer
  • Remove the ai-sdk-ollama package from all affected systems
  • Perform a full security audit and malware scan on all affected systems
  • Review system logs and network traffic for signs of unauthorized access or data exfiltration
  • Consider full system reimaging if compromise is confirmed
  • Update to a patched version of ai-sdk-ollama once available and verified as safe

Sources

  1. GitHub Advisory GHSA-m9j7-x8ww-5jwr · GitHub Advisory Database

Cite this entry

"Malware in ai-sdk-ollama." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 30, 2026; last updated June 30, 2026. https://supplychainattack.org/incident/malware-in-ai-sdk-ollama-18ubxd

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

Related incidents

  1. activecritical

    Malware in ai-node-agent

    The npm package ai-node-agent contains malware that grants full system compromise to an outside entity. All systems with this package installed or running should be considered fully compromised.

    npmAI agents & skillsCompromised package
  2. containedhigh

    Microsoft links Mastra AI supply chain attack to North Korean hackers

    Microsoft attributed a Mastra AI supply chain attack that compromised over 140 npm packages to North Korean hacking group Sapphire Sleet (BlueNoroff). The attack targeted the npm ecosystem and AI development infrastructure.

    UNC1069npmAI agents & skillsCompromised packageMalicious maintainer
  3. activecritical

    Malware in @rafaelsene01/agent-flow

    Malware discovered in the npm package @rafaelsene01/agent-flow. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmAI agents & skillsCompromised package
  4. activecritical

    Malware in @mastra/agent-browser

    Malware was discovered in the npm package @mastra/agent-browser. Systems with this package installed or running should be considered fully compromised and require immediate remediation.

    npmAI agents & skillsCompromised package