@cap-js/openapi

npm Compromised

1

report

Attack type: Worm

Reports

Worm Versions: = 1.4.1 39d ago by isitcompromised.com

Supply chain compromise via malicious @cap-js/openapi ### Impact On May 19, 2026, a compromised version of @cap-js/openapi@1.4.1 was published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that machine (npm tokens, cloud provider credentials, SSH keys, GitHub PATs) should be considered compromised. ### Patches Upgrade to @cap-js/openapi >= 1.4.2 If the compromised version was ever installed, rotate all affected credentials. ### Workarounds No w

View evidence

Have more info?

Submit additional evidence or a new report for this package.

Submit a report