@beproduct/nestjs-auth

npm Compromised

1

report

Attack type: Script abuse

Reports

Script abuse CVE-2026-46412 Versions: >= 0.1.2, <= 0.1.19 10d ago by isitcompromised.com

Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm ## Summary Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of `@beproduct/nestjs-auth` (0.1.2 through 0.1.19). The packages contained payloads from the **Mini Shai-Hulud** npm supply-chain worm campaign described by [Aikido Security](https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised). npm Security removed the malicious versions from the registry shortly after publication, but anyone who ran `np

View evidence

Have more info?

Submit additional evidence or a new report for this package.

Submit a report