Four compromised npm packages in the @asyncapi namespace have
been observed distributing a multi-stage botnet loader, according
to findings from OX Security, SafeDep, Socket, and StepSecurity.
The affected packages are listed below -
@asyncapi/[email protected]
@asyncapi/[email protected] @asyncapi/[email protected]
@asyncapi/specs(v6.11.2, v6.11.2-alpha.1) "The
Read more https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html

