MAL-2026-6533: Malicious code in react-dynamic-table-compenent (npm)
The npm package react-dynamic-table-compenent (note the misspelling) version 1.2.7 contains malicious code. Its postinstall script runs a setup script that fetches attacker-controlled code from a remote server and executes it via eval(), enabling remote code execution during installation. This package is a typosquat of react-dynamic-table-component designed to trick users into installing it. There is no official patch or fix information available.
AI Analysis
Technical Summary
The package react-dynamic-table-compenent version 1.2.7 is a malicious typosquatting npm package that executes arbitrary code on installation. Its postinstall script runs 'node dist/setup.js', which fetches JavaScript code from a remote URL and executes it using eval() in a function misleadingly named initDatabase. Because the fetched content is attacker-controlled and mutable, any installation of this package runs arbitrary code on the installer's machine. This represents a remote code execution threat delivered via supply chain compromise through a malicious package.
Potential Impact
Any user who installs react-dynamic-table-compenent version 1.2.7 will execute attacker-controlled code on their system during the npm install process. This can lead to full compromise of the development or build environment, data theft, or further malware deployment. The malicious code is dynamically fetched and can change over time, increasing the risk and unpredictability of impact.
Mitigation Recommendations
No official patch or remediation is currently documented. Users should avoid installing react-dynamic-table-compenent version 1.2.7 and verify package names carefully to avoid typosquatting attacks. Use trusted sources and package integrity verification where possible. Monitor vendor advisories for any updates or removal of the malicious package from npm.
MAL-2026-6533: Malicious code in react-dynamic-table-compenent (npm)
Description
The npm package react-dynamic-table-compenent (note the misspelling) version 1.2.7 contains malicious code. Its postinstall script runs a setup script that fetches attacker-controlled code from a remote server and executes it via eval(), enabling remote code execution during installation. This package is a typosquat of react-dynamic-table-component designed to trick users into installing it. There is no official patch or fix information available.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The package react-dynamic-table-compenent version 1.2.7 is a malicious typosquatting npm package that executes arbitrary code on installation. Its postinstall script runs 'node dist/setup.js', which fetches JavaScript code from a remote URL and executes it using eval() in a function misleadingly named initDatabase. Because the fetched content is attacker-controlled and mutable, any installation of this package runs arbitrary code on the installer's machine. This represents a remote code execution threat delivered via supply chain compromise through a malicious package.
Potential Impact
Any user who installs react-dynamic-table-compenent version 1.2.7 will execute attacker-controlled code on their system during the npm install process. This can lead to full compromise of the development or build environment, data theft, or further malware deployment. The malicious code is dynamically fetched and can change over time, increasing the risk and unpredictability of impact.
Mitigation Recommendations
No official patch or remediation is currently documented. Users should avoid installing react-dynamic-table-compenent version 1.2.7 and verify package names carefully to avoid typosquatting attacks. Use trusted sources and package integrity verification where possible. Monitor vendor advisories for any updates or removal of the malicious package from npm.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-6533
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a3ef79227e9c79719ff7b23
Added to database: 06/26/2026, 22:05:06 UTC
Last enriched: 06/26/2026, 22:18:28 UTC
Last updated: 06/26/2026, 22:18:28 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.