Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity.
The affected packages are listed below -
@asyncapi/[email protected]
@asyncapi/[email protected]
@asyncapi/[email protected]
@asyncapi/specs(v6.11.2, v6.11.2-alpha.1)
"The
Source: TheHackerNews
Source Link: https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html