PkgRadar

Malware advisory

MAL-2026-4707

Malicious code in vue-compiler-sfc-plugin (npm)

2 affected releases in the PkgRadar corpus · published 2026-05-25 · upstream advisory

Affected packages

PackageEcosystemVersionVerdictScanned (UTC)
vue-compiler-sfc-pluginnpm3.5.26High risk2026-06-23
vue-compiler-sfc-pluginnpm3.5.25High risk2026-06-20

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.

MAL-2026-4707 — malicious package advisory | PkgRadar