VT to check for malicious npm packages

npm is a widely used package manager and software registry/repository for projects using the JavaScript programming language.

Since quite some time unknown threat actors are trying to inject / publish malicious npm packages into the software registry with the goal to e.g. discover and exfiltrate sensitive data (private SSH keys, bash history, credentials, environment variables).

Based on an article published a few months ago in Hunting Malicious npm Packages | Decipher a new VT to check for such malicious npm packages was created in June 2018:

Malicious npm package detection (OID:

On authenticated scans against a Linux target (see requirements on target systems with linux for more information) the VT will report any detected malicious npm packages.

Just recently coverage for the package flatmap-stream (which had the goal to steal a bitcoin wallet from users of Copay) was added.