MAL-2026-4161

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@cap-js/openapi/MAL-2026-4161.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4161
Published
2026-05-19T05:00:00Z
Modified
2026-05-19T18:02:14.674560436Z
Summary
Malicious code in @cap-js/openapi (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (243c059793e8b277fc77959046b7b064cb740d568fa53e4d30b9075660d9dab5)

The package @cap-js/openapi was found to contain malicious code.

Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df)

This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor.

The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df",
            "import_time": "2026-05-19T05:55:55.089101Z",
            "source": "google-open-source-security",
            "modified_time": "2026-05-19T05:36:35Z",
            "versions": [
                "1.4.1"
            ]
        },
        {
            "sha256": "243c059793e8b277fc77959046b7b064cb740d568fa53e4d30b9075660d9dab5",
            "import_time": "2026-05-19T17:50:34.716698784Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-19T16:47:48Z",
            "versions": [
                "1.4.1"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / @cap-js/openapi

Package

Name
@cap-js/openapi
View open source insights on deps.dev
Purl
pkg:npm/%40cap-js%2Fopenapi

Affected ranges

Affected versions

1.*
1.4.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@cap-js/openapi/MAL-2026-4161.json"