MAL-2026-6534: Malicious code in react-dynammic-table-component (npm)
The npm package react-dynammic-table-component version 1.2.7 contains malicious code that executes arbitrary JavaScript during installation. This is achieved via a preinstall script that fetches code from an attacker-controlled URL and runs it with eval(), allowing execution of any code with the installer's privileges. The malicious behavior is disguised inside a function misleadingly named initDatabase within a React UI component. The fetched code is unverified and can be changed at any time without republishing the package, enabling ongoing attacker control. This results in immediate and unrestricted risk to the installing user.
AI Analysis
Technical Summary
The react-dynammic-table-component npm package version 1.2.7 declares a preinstall lifecycle script that runs automatically on npm install. This script performs an HTTPS GET request to an attacker-controlled domain and passes the response body directly to eval(), executing arbitrary JavaScript code on the installer's machine with the user's privileges. The malicious code is hidden inside a function named initDatabase, which does not perform any database operations but serves as a cover story. Because the fetched code is unpinned and mutable by the attacker, they can change the executed payload at any time without republishing the package. This allows for a wide range of malicious activities including credential theft, persistence, lateral movement, and dependency tampering.
Potential Impact
Any user installing react-dynammic-table-component version 1.2.7 will execute attacker-controlled code with their user privileges during installation. This can lead to credential theft, installation of persistent malware, lateral movement within networks, tampering with dependencies, and other malicious actions. The impact is immediate and unbounded due to the dynamic and unverified nature of the fetched code.
Mitigation Recommendations
No official patch or remediation is currently available for this malicious package version. Users should avoid installing react-dynammic-table-component version 1.2.7. If already installed, remove the package and audit systems for compromise. Use trusted package sources and verify package integrity before installation. Monitor vendor advisories for updates or official fixes.
MAL-2026-6534: Malicious code in react-dynammic-table-component (npm)
Description
The npm package react-dynammic-table-component version 1.2.7 contains malicious code that executes arbitrary JavaScript during installation. This is achieved via a preinstall script that fetches code from an attacker-controlled URL and runs it with eval(), allowing execution of any code with the installer's privileges. The malicious behavior is disguised inside a function misleadingly named initDatabase within a React UI component. The fetched code is unverified and can be changed at any time without republishing the package, enabling ongoing attacker control. This results in immediate and unrestricted risk to the installing user.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The react-dynammic-table-component npm package version 1.2.7 declares a preinstall lifecycle script that runs automatically on npm install. This script performs an HTTPS GET request to an attacker-controlled domain and passes the response body directly to eval(), executing arbitrary JavaScript code on the installer's machine with the user's privileges. The malicious code is hidden inside a function named initDatabase, which does not perform any database operations but serves as a cover story. Because the fetched code is unpinned and mutable by the attacker, they can change the executed payload at any time without republishing the package. This allows for a wide range of malicious activities including credential theft, persistence, lateral movement, and dependency tampering.
Potential Impact
Any user installing react-dynammic-table-component version 1.2.7 will execute attacker-controlled code with their user privileges during installation. This can lead to credential theft, installation of persistent malware, lateral movement within networks, tampering with dependencies, and other malicious actions. The impact is immediate and unbounded due to the dynamic and unverified nature of the fetched code.
Mitigation Recommendations
No official patch or remediation is currently available for this malicious package version. Users should avoid installing react-dynammic-table-component version 1.2.7. If already installed, remove the package and audit systems for compromise. Use trusted package sources and verify package integrity before installation. Monitor vendor advisories for updates or official fixes.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-6534
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a3ef79227e9c79719ff7b20
Added to database: 06/26/2026, 22:05:06 UTC
Last enriched: 06/26/2026, 22:18:19 UTC
Last updated: 06/26/2026, 22:18:19 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.