PkgRadar

Malware advisory

MAL-2026-3609

Malicious code in forge-jsxy (npm)

8 affected releases in the PkgRadar corpus · published 2026-05-06 · upstream advisory

Affected packages

PackageEcosystemVersionVerdictScanned (UTC)
forge-jsxynpm0.0.1-securityHigh risk2026-07-14
forge-jsxynpm1.0.121Low risk2026-06-10
forge-jsxynpm1.0.120Review2026-06-10
forge-jsxynpm1.0.108Low risk2026-06-10
forge-jsxynpm1.0.107Low risk2026-06-10
forge-jsxynpm1.0.105Low risk2026-06-10
forge-jsxynpm1.0.91Review2026-06-10
forge-jsxynpm1.0.92Low risk2026-06-10

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.

MAL-2026-3609 — malicious package advisory | PkgRadar