Clob dropper

Attribution basis

These are the signal classes linking the members of this campaign — the broad evidence categories we use to attribute a package, not the raw indicators themselves.

• shared malware fingerprint
• OSV advisory cluster
• shared publisher account

Sample attributed packages

• @achuthanmukundan00/synax@0.3.0-beta.1
• @achuthanmukundan00/synax@0.3.0-beta
• nuxs-capsule@0.5.59
• nuxs-capsule@0.5.58
• @mintplex-labs/tab-complete@1.0.3
• @wacrot/infra-data-kit@2.1.4
• nuxs-capsule@0.5.56
• @exellix/graph-composer@2.7.9
• nuxs-capsule@0.5.55
• @wacrot/infra-data-kit@2.1.2
• nuxs-capsule@0.5.54
• @bike4mind/cli@0.0.0-feat-opti-graph-partitioning-20260612213320
• nuxs-capsule@0.5.53
• nuxs-capsule@0.5.52
• vfx-web-sdk@2.0.12
• vfx-web-sdk@2.0.13
• vfx-web-sdk@2.0.14
• vfx-web-sdk@3.0.0
• nuxs-capsule@0.5.51
• index-ulid@3.0.3
• nuxs-capsule@0.5.49
• nuxs-capsule@0.5.50
• nuxs-capsule@0.5.48
• @amazon-devices/react-native-fast-image@3.0.7
• @amazon-devices/react-native-fast-image@3.0.12-rn-83
• nuxs-capsule@0.5.47
• nuxs-capsule@0.5.46
• nuxs-capsule@0.5.44
• nuxs-capsule@0.5.45
• @mintplex-labs/tab-complete@1.0.2

PkgRadar attributes coordinated supply-chain campaigns and blocks their packages at the CI gate. Start free or see all tracked campaigns.