malware
npm
nodemon-sudo
discovered 2026-07-09Byte-for-byte clone of the real nodemon process monitor (keeps author 'Remy Sharp', real bin/nodemon.js and every lib file), version-inflated to 3.1.16 (one bump above real nodemon 3.1.14) to read as ahead of upstream. Carrier only: injects a single malicious runtime dependency, [email protected] (and promotes chai to a runtime dep); nodemon-sudo's own code never imports tslint-conf. No install lifecycle hook. Published 2026-07-07 by npm account conodeeth. SafeDep isMalware=true CONFIDENCE_HIGH.
Threat types
typosquat other
Malicious versions
- 3.1.16 · aa9b9847e4ffd894…