Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

MAL-2026-10687: Malicious code in selparsecss-selector (npm)

0
High
Published: 07/15/2026 (07/15/2026, 17:54:33 UTC)
Source: GCVE Database
Product: selparsecss-selector

Description

The selparsecss-selector npm package versions 1.0.0, 1.1.0, 2.0.0, and 2.1.0 is a malicious fork impersonating the legitimate postcss-selector-parser package. It includes obfuscated code that executes child_process commands, which are unnecessary for a CSS selector parser, indicating malicious intent. The package uses bytenode to load opaque bytecode files, further hiding its malicious payload. This supply-chain attack targets developers intending to use the legitimate postcss-selector-parser package.

Affected software

npmghsa
selparsecss-selector
Affected versions
=1.1.0=2.0.0=1.0.0=2.1.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 11:25:05 UTC

Technical Analysis

[email protected], 1.1.0, 2.0.0, and 2.1.0 is a name-confusion fork of the legitimate postcss-selector-parser npm package. It impersonates the original author and copies the source and license verbatim but includes a large obfuscated bundle that executes shell commands via child_process, which is unnecessary for its stated functionality. The package also uses bytenode to load obfuscated V8 bytecode files, making inspection difficult. This combination of impersonation, obfuscation, and execution of shell commands constitutes a supply-chain attack targeting developers who intended to install the legitimate package.

Potential Impact

The malicious package can execute arbitrary shell commands on the developer's system due to the use of child_process exec and execSync calls. This can lead to compromise of the development environment, potential data theft, or further malware installation. The obfuscation and use of bytenode bytecode loading hinder detection and analysis, increasing the risk of unnoticed compromise.

Mitigation Recommendations

No official patch or remediation is currently documented. Users should avoid installing selparsecss-selector versions 1.0.0, 1.1.0, 2.0.0, and 2.1.0. Instead, they should verify the authenticity of packages before installation, prefer the legitimate postcss-selector-parser package, and audit dependencies for suspicious or impersonated packages. Monitor package sources and use tools that detect malicious npm packages. Patch status is not yet confirmed — check the vendor advisory or npm security advisories for updates.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
MAL-2026-10687
Osv Schema Version
1.7.4
Aliases
[]
Ecosystems
["npm"]
Database Specific Severity
null
Cvss Version
null

Threat ID: 6a58b44b68715ace43d6b522

Added to database: 07/16/2026, 10:36:59 UTC

Last enriched: 07/16/2026, 11:25:05 UTC

Last updated: 07/17/2026, 03:38:29 UTC

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses