New Blog: Malicious npm campaign targets strapi-plugin Deploys Full C2 Agent
Edit Calendar Icon 3 Apr 2026
SafeDep Logo

Stop Malicious Packages
Before They Merge

SafeDep scans every pull request for compromised dependencies. Install the GitHub App and protect your repos in minutes.

GitHub Install GitHub App Book a Demo
npm
strapi-plugin-c...@1.0.0
Malicious
High

Fri Apr 03 2026; 2:02AM

View Report
npm
strapi-plugin-c...@1.0.0
Malicious
High

Fri Apr 03 2026; 2:47AM

View Report
npm
strapi-plugin-s...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:01AM

View Report
npm
strapi-plugin-d...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:05AM

View Report
npm
strapi-plugin-h...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:37AM

View Report
npm
strapi-plugin-m...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:40AM

View Report
npm
strapi-plugin-e...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:46AM

View Report
npm
strapi-plugin-s...@1.0.0
Malicious
High

Fri Apr 03 2026; 4:45AM

View Report
npm
strapi-plugin-a...@3.6.8
Malicious
High

Fri Apr 03 2026; 11:53AM

View Report
npm
strapi-plugin-a...@3.6.9
Malicious
High

Fri Apr 03 2026; 3:04PM

View Report
pypi
litellm@1.82.7
Malicious
High

Tue Mar 24 2026; 12:00AM

View Report
pypi
litellm@1.82.8
Malicious
High

Tue Mar 24 2026; 12:00AM

View Report
pypi
telnyx@4.87.1
Malicious
High

Fri Mar 27 2026; 12:00AM

View Report
pypi
telnyx@4.87.2
Malicious
High

Fri Mar 27 2026; 12:00AM

View Report
npm
v-plausible@1.2.1
Malicious
High

Mon Nov 24 2025; 4:48PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
rubygems
rails@7.0.4
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
vue@3.2.39
Safe
High

Tue Nov 25 2025; 6:02AM

View Report
npm
use-unsaved-cha...@1.0.9
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
zuper-cli@1.0.1
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
wenk@1.0.10
Malicious
High

Mon Nov 24 2025; 10:25AM

View Report
rubygems
devise@4.8.1
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
upload-to-play-...@1.0.1
Malicious
High

Mon Nov 24 2025; 4:52PM

View Report
npm
valuedex-sdk@3.0.5
Malicious
High

Mon Nov 24 2025; 4:52PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
npm
vf-oss-template@1.0.2
Malicious
High

Mon Nov 24 2025; 11:30AM

View Report
npm
wallet-evm@0.3.1
Malicious
High

Mon Nov 24 2025; 3:49PM

View Report
npm
vf-oss-template@1.0.3
Malicious
High

Mon Nov 24 2025; 12:11PM

View Report
npm
zuper-sdk@1.0.57
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
url-encode-deco...@1.0.1
Malicious
High

Mon Nov 24 2025; 10:05AM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
npm
wenk@1.0.9
Malicious
High

Mon Nov 24 2025; 10:08AM

View Report
npm
victoria-wallet...@0.1.2
Malicious
High

Mon Nov 24 2025; 4:25PM

View Report
npm
wellness-expert...@5.1.1
Malicious
High

Mon Nov 24 2025; 9:24AM

View Report
cargo
tokio@1.21.2
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
vf-oss-template@1.0.1
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
pypi
requests@2.28.1
Safe
High

Thu Jan 23 2025; 6:05PM

View Report
pypi
fastapi@0.85.0
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
wallet-evm@0.3.2
Malicious
High

Mon Nov 24 2025; 4:25PM

View Report
npm
web-scraper-mcp@1.1.4
Malicious
High

Mon Nov 24 2025; 9:19AM

View Report
npm
upload-to-play-...@1.0.2
Malicious
High

Mon Nov 24 2025; 10:22AM

View Report
npm
express@4.18.1
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
victoria-wallet...@0.1.2
Malicious
High

Mon Nov 24 2025; 4:25PM

View Report
cargo
async-std@1.12.0
Safe
High

Tue Nov 25 2025; 6:08AM

View Report
npm
valid-south-afr...@1.0.3
Malicious
High

Mon Nov 24 2025; 10:15AM

View Report
npm
zuper-stream@2.0.9
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
url-encode-deco...@1.0.2
Malicious
High

Mon Nov 24 2025; 11:25AM

View Report
npm
react-dom@18.2.0
Safe
High

Fri Jan 24 2025; 9:44AM

View Report
npm
vue-browserupda...@1.0.5
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
vf-oss-template@1.0.4
Malicious
High

Mon Nov 24 2025; 1:11PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:49PM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:35AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:35AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:36AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:40AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 12:00AM

View Report
npm
@asyncapi/model...@5.10.2
Malicious
High

Mon Nov 24 2025; 12:00AM

View Report
npm
posthog-node@4.18.1
Malicious
High

Mon Nov 24 2025; 4:14AM

View Report
npm
@postman/node-k...@7.9.2
Suspicious
High

Tue Nov 25 2025; 6:17AM

View Report
npm
@postman/tunnel...@0.6.5
Malicious
High

Mon Nov 24 2025; 5:06AM

View Report
npm
@postman/wdio-a...@0.0.7
Malicious
High

Mon Nov 24 2025; 5:06AM

View Report
npm
@postman/wdio-a...@0.0.8
Malicious
High

Mon Nov 24 2025; 5:11AM

View Report
npm
@postman/postma...@1.0.3
Malicious
High

Mon Nov 24 2025; 5:06AM

View Report
npm
@postman/postma...@1.0.4
Malicious
High

Mon Nov 24 2025; 5:11AM

View Report
npm
@postman/wdio-j...@0.0.4
Malicious
High

Mon Nov 24 2025; 5:05AM

View Report
npm
@postman/wdio-j...@0.0.5
Malicious
High

Mon Nov 24 2025; 5:11AM

View Report
npm
@postman/pm-bin...@1.24.5
Malicious
High

Mon Nov 24 2025; 5:15AM

View Report
npm
@postman/aether...@2.23.3
Malicious
High

Mon Nov 24 2025; 5:12AM

View Report
npm
@postman/aether...@2.23.4
Malicious
High

Mon Nov 24 2025; 5:15AM

View Report
npm
strapi-plugin-c...@1.0.0
Malicious
High

Fri Apr 03 2026; 2:02AM

View Report
npm
strapi-plugin-c...@1.0.0
Malicious
High

Fri Apr 03 2026; 2:47AM

View Report
npm
strapi-plugin-s...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:01AM

View Report
npm
strapi-plugin-d...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:05AM

View Report
npm
strapi-plugin-h...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:37AM

View Report
npm
strapi-plugin-m...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:40AM

View Report
npm
strapi-plugin-e...@1.0.0
Malicious
High

Fri Apr 03 2026; 3:46AM

View Report
npm
strapi-plugin-s...@1.0.0
Malicious
High

Fri Apr 03 2026; 4:45AM

View Report
npm
strapi-plugin-a...@3.6.8
Malicious
High

Fri Apr 03 2026; 11:53AM

View Report
npm
strapi-plugin-a...@3.6.9
Malicious
High

Fri Apr 03 2026; 3:04PM

View Report
pypi
litellm@1.82.7
Malicious
High

Tue Mar 24 2026; 12:00AM

View Report
pypi
litellm@1.82.8
Malicious
High

Tue Mar 24 2026; 12:00AM

View Report
pypi
telnyx@4.87.1
Malicious
High

Fri Mar 27 2026; 12:00AM

View Report
pypi
telnyx@4.87.2
Malicious
High

Fri Mar 27 2026; 12:00AM

View Report
npm
v-plausible@1.2.1
Malicious
High

Mon Nov 24 2025; 4:48PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
rubygems
rails@7.0.4
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
vue@3.2.39
Safe
High

Tue Nov 25 2025; 6:02AM

View Report
npm
use-unsaved-cha...@1.0.9
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
zuper-cli@1.0.1
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
wenk@1.0.10
Malicious
High

Mon Nov 24 2025; 10:25AM

View Report
rubygems
devise@4.8.1
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
upload-to-play-...@1.0.1
Malicious
High

Mon Nov 24 2025; 4:52PM

View Report
npm
valuedex-sdk@3.0.5
Malicious
High

Mon Nov 24 2025; 4:52PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
npm
vf-oss-template@1.0.2
Malicious
High

Mon Nov 24 2025; 11:30AM

View Report
npm
wallet-evm@0.3.1
Malicious
High

Mon Nov 24 2025; 3:49PM

View Report
npm
vf-oss-template@1.0.3
Malicious
High

Mon Nov 24 2025; 12:11PM

View Report
npm
zuper-sdk@1.0.57
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
url-encode-deco...@1.0.1
Malicious
High

Mon Nov 24 2025; 10:05AM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
npm
wenk@1.0.9
Malicious
High

Mon Nov 24 2025; 10:08AM

View Report
npm
victoria-wallet...@0.1.2
Malicious
High

Mon Nov 24 2025; 4:25PM

View Report
npm
wellness-expert...@5.1.1
Malicious
High

Mon Nov 24 2025; 9:24AM

View Report
cargo
tokio@1.21.2
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
vf-oss-template@1.0.1
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:50PM

View Report
pypi
requests@2.28.1
Safe
High

Thu Jan 23 2025; 6:05PM

View Report
pypi
fastapi@0.85.0
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
wallet-evm@0.3.2
Malicious
High

Mon Nov 24 2025; 4:25PM

View Report
npm
web-scraper-mcp@1.1.4
Malicious
High

Mon Nov 24 2025; 9:19AM

View Report
npm
upload-to-play-...@1.0.2
Malicious
High

Mon Nov 24 2025; 10:22AM

View Report
npm
express@4.18.1
Safe
High

Tue Nov 25 2025; 6:07AM

View Report
npm
victoria-wallet...@0.1.2
Malicious
High

Mon Nov 24 2025; 4:25PM

View Report
cargo
async-std@1.12.0
Safe
High

Tue Nov 25 2025; 6:08AM

View Report
npm
valid-south-afr...@1.0.3
Malicious
High

Mon Nov 24 2025; 10:15AM

View Report
npm
zuper-stream@2.0.9
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
url-encode-deco...@1.0.2
Malicious
High

Mon Nov 24 2025; 11:25AM

View Report
npm
react-dom@18.2.0
Safe
High

Fri Jan 24 2025; 9:44AM

View Report
npm
vue-browserupda...@1.0.5
Malicious
High

Tue Jan 06 2026; 7:00PM

View Report
npm
vf-oss-template@1.0.4
Malicious
High

Mon Nov 24 2025; 1:11PM

View Report
npm
victoria-wallet...@0.1.1
Malicious
High

Mon Nov 24 2025; 3:49PM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:35AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:35AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:36AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 3:40AM

View Report
npm
@quick-start-so...@1.4.2511...
Malicious
High

Mon Nov 24 2025; 12:00AM

View Report
npm
@asyncapi/model...@5.10.2
Malicious
High

Mon Nov 24 2025; 12:00AM

View Report
npm
posthog-node@4.18.1
Malicious
High

Mon Nov 24 2025; 4:14AM

View Report
npm
@postman/node-k...@7.9.2
Suspicious
High

Tue Nov 25 2025; 6:17AM

View Report
npm
@postman/tunnel...@0.6.5
Malicious
High

Mon Nov 24 2025; 5:06AM

View Report
npm
@postman/wdio-a...@0.0.7
Malicious
High

Mon Nov 24 2025; 5:06AM

View Report
npm
@postman/wdio-a...@0.0.8
Malicious
High

Mon Nov 24 2025; 5:11AM

View Report
npm
@postman/postma...@1.0.3
Malicious
High

Mon Nov 24 2025; 5:06AM

View Report
npm
@postman/postma...@1.0.4
Malicious
High

Mon Nov 24 2025; 5:11AM

View Report
npm
@postman/wdio-j...@0.0.4
Malicious
High

Mon Nov 24 2025; 5:05AM

View Report
npm
@postman/wdio-j...@0.0.5
Malicious
High

Mon Nov 24 2025; 5:11AM

View Report
npm
@postman/pm-bin...@1.24.5
Malicious
High

Mon Nov 24 2025; 5:15AM

View Report
npm
@postman/aether...@2.23.3
Malicious
High

Mon Nov 24 2025; 5:12AM

View Report
npm
@postman/aether...@2.23.4
Malicious
High

Mon Nov 24 2025; 5:15AM

View Report
WATCH THE GITHUB APP IN ACTION

See what happens after you click "Install".

See exactly how SafeDep installs, monitors dependencies, and stops malicious packages at the source, before they become incidents.

GitHub Install GitHub App

CVE scanners miss these. Malicious packages require a different approach.

Trojaned versions of real packages, typosquats, and obfuscated payloads bypass every traditional SCA tool. SafeDep detects them using purpose-built static analysis and human-verified threat intelligence.

Automatic PR scanning

Every PR Scanned Automatically

SafeDep runs on every pull request. New dependencies are checked against our threat intelligence feed before the merge is allowed.

Block before merge

Block Before Merge, Not After Incident

Malicious packages are caught in the pipeline, not in production. Failed checks prevent compromised code from reaching your main branch.

Zero configuration

No Config, No Maintenance

Install the GitHub App, select your repos, and you are protected. No YAML files to write, no CI scripts to maintain, no tokens to rotate.

Threat Intelligence

Powered by Continuous
Malicious Package Detection

SafeDep scans every new package published to npm, PyPI, Go, and more. Threats are detected on average 14 hours before public advisories.

See how it works
Threat analysis report
Real Attacks, Caught

litellm, telnyx, strapi

Detected before public disclosure

Compromised versions of popular packages published using stolen credentials. Credential theft, reverse shells, and persistent backdoors activated on install. SafeDep's threat intelligence detected them before public advisories were issued.

Explore Threat Intelligence
Dependency scanning illustration
Pipeline Integration

GitHub native.

No pipeline changes required.

SafeDep runs as a GitHub App with native check runs. Pull requests with malicious dependencies are blocked automatically. Status checks integrate with your existing branch protection rules.

GitHub Install GitHub App
Using GitLab or Bitbucket? Talk to us
Governance dashboard
Scale to Your Organization

From one repo to your entire organization.

The GitHub App protects individual repositories. The SafeDep platform gives your security team centralized visibility, org-wide policy enforcement, and compliance reporting across all of them.

Book a Demo
14hr
Avg Detection Lead
1000+
Malicious Packages Detected
5000+
Projects Protected
2M+
Packages Scanned

Protect Your Pipeline
In Minutes

Install the GitHub App, select your repos, and start blocking malicious packages. No configuration required.

GitHub Install GitHub App Book a Demo