Skip to content
supplychainattack.orgSupply chain attack incident catalog
containedcritical

Malware in rate-limit-flexible

Malware was discovered in the npm package rate-limit-flexible. Any computer with this package installed or running should be considered fully compromised. All secrets and keys must be rotated immediately from a different computer.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with the package installed or running
Ecosystems
npm
Attack vectors
Compromised package
Affected entities
  • rate-limit-flexible

The npm package rate-limit-flexible was found to contain malware. According to the GitHub Security Advisory (GHSA-v7vx-48xw-jwm8), any computer that has this package installed or running should be considered fully compromised.\n\nImmediate action is required: all secrets and keys stored on affected computers should be rotated immediately from a different, uncompromised computer. While the package should be removed, there is no guarantee that removal will eliminate all malicious software that may have been installed as a result of the compromise.\n\nThe advisory was published on June 11, 2026.

Indicators of compromise

Packages
  • rate-limit-flexible

Remediation

  • Immediately rotate all secrets and keys from a different, uncompromised computer
  • Remove the rate-limit-flexible package from all affected systems
  • Audit system logs for unauthorized access or activity
  • Consider the affected computer fully compromised and perform a complete security review
  • Scan systems for additional malware that may have been installed

Sources

  1. GitHub Advisory GHSA-v7vx-48xw-jwm8 · GitHub Advisory Database

Cite this entry

"Malware in rate-limit-flexible." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 11, 2026; last updated June 11, 2026. https://supplychainattack.org/incident/malware-in-rate-limit-flexible-1djzoo

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

Related incidents

  1. containedcritical

    Malware in janus-flow

    Malware was discovered in the npm package janus-flow, resulting in full system compromise of any computer with the package installed or running. All secrets and keys on affected systems should be rotated immediately from a different computer.

    npmCompromised package
  2. containedcritical

    Malware in flow-lending-sdk

    Malware was discovered in the npm package flow-lending-sdk. Systems with this package installed or running are considered fully compromised, with potential for complete system takeover.

    npmCompromised package
  3. activecritical

    Malware in auth-basic-vault

    Malware discovered in the npm package auth-basic-vault. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  4. containedcritical

    Malware in ttspc-server-sample

    The npm package ttspc-server-sample contains malware that grants full control of affected systems. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package