Skip to content
supplychainattack.orgSupply chain attack incident catalog
activecritical

Malware in rnx-align-deps

Malware discovered in the npm package rnx-align-deps. Systems with this package installed are considered fully compromised and require immediate remediation.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with rnx-align-deps installed
Ecosystems
Attack vectors
Affected entities
  • rnx-align-deps

A critical malware incident has been identified in the npm package rnx-align-deps. According to the GitHub Advisory (GHSA-q28c-5m68-92hm), any computer with this package installed or running should be considered fully compromised.\n\nThe advisory recommends that all secrets and keys stored on affected computers be rotated immediately from a different, uncompromised system. While the package should be removed, there is no guarantee that removal will eliminate all malicious software that may have been installed as a result of the compromise.\n\nThis represents a critical supply chain attack through a compromised npm package with full system compromise potential.

Indicators of compromise

Packages
  • rnx-align-deps

Remediation

  • Immediately isolate any system with rnx-align-deps installed from the network
  • Rotate all secrets, API keys, and credentials from a different, uncompromised computer
  • Remove the rnx-align-deps package from all affected systems
  • Perform a full forensic analysis and malware scan on compromised systems
  • Review all access logs and audit trails for suspicious activity during the period the package was installed
  • Consider full system rebuild if sensitive data or systems were affected

Sources

  1. GitHub Advisory GHSA-q28c-5m68-92hm · GitHub Advisory Database

Cite this entry

"Malware in rnx-align-deps." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 7, 2026; last updated July 7, 2026. https://supplychainattack.org/incident/malware-in-rnx-align-deps-150x2w

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. activecritical

    Malware in some-theme

    Malware discovered in the npm package some-theme. Any computer with this package installed or running should be considered fully compromised. All secrets and keys must be rotated immediately from a different computer.

    npmCompromised package
  2. containedcritical

    Malware in anthropic-toolkit

    Malware was discovered in the npm package anthropic-toolkit. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  3. containedcritical

    Malware in brunomenozzi-test-pkg

    Malware was discovered in the npm package brunomenozzi-test-pkg. Systems with this package installed or running should be considered fully compromised and require immediate remediation.

    npmCompromised package
  4. resolvedcritical

    Malware in harmony-enablers-test-2026

    Malware was discovered in the npm package harmony-enablers-test-2026. Systems with this package installed or running should be considered fully compromised, requiring immediate rotation of all secrets and keys from a separate computer.

    npmCompromised package