PkgRadar

Malware advisory

MAL-2026-2509

Malicious code in @langgraphjs/toolkit (npm)

7 affected releases in the PkgRadar corpus · published 2026-04-07 · upstream advisory

Affected packages

PackageEcosystemVersionVerdictScanned (UTC)
@langgraphjs/toolkitnpm0.0.1-securityHigh risk2026-07-14
@langgraphjs/toolkitnpm1.2.13High risk2026-07-07
@langgraphjs/toolkitnpm1.2.12High risk2026-06-28
@langgraphjs/toolkitnpm1.2.11High risk2026-06-24
@langgraphjs/toolkitnpm1.2.8High risk2026-06-24
@langgraphjs/toolkitnpm1.2.9High risk2026-06-23
@langgraphjs/toolkitnpm1.2.10High risk2026-06-23

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.

MAL-2026-2509 — malicious package advisory | PkgRadar