[SECURITY]: Malicious npm releases detected across `@redhat-cloud-services/` scope · Issue #492 · RedHatInsights/javascript-clients · GitHub

//voltron/issues_fragments/issue_layout" data-turbo-transient="true" />

Skip to content

Search or jump to...

Search code, repositories, users, issues, pull requests...

-->

Search

Clear

Search syntax tips

Provide feedback

--><br>We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Cancel

Submit feedback

Saved searches

Use saved searches to filter your results more quickly

-->

Name

Query

To see all available qualifiers, see our documentation.

Cancel

Create saved search

Sign in

//voltron/issues_fragments/issue_layout;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up

Appearance settings

Resetting focus

You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

{{ message }}

RedHatInsights

javascript-clients

Public

Notifications<br>You must be signed in to change notification settings

Fork<br>33

Star

[SECURITY]: Malicious npm releases detected across @redhat-cloud-services/ scope #492

New issue<br>Copy link

New issue<br>Copy link

Open

Open<br>[SECURITY]: Malicious npm releases detected across @redhat-cloud-services/ scope#492

Copy link

Description

sailikhith-stepsecurity<br>opened on Jun 1, 2026

Issue body actions

Ref:

https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised

https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services

Affected Packages

Package<br>Compromised Version

@redhat-cloud-services/chrome<br>2.3.1

@redhat-cloud-services/compliance-client<br>4.0.3

@redhat-cloud-services/config-manager-client<br>5.0.4

@redhat-cloud-services/entitlements-client<br>4.0.11

@redhat-cloud-services/eslint-config-redhat-cloud-services<br>3.2.1

@redhat-cloud-services/frontend-components<br>7.7.2

@redhat-cloud-services/frontend-components-advisor-components<br>3.8.2

@redhat-cloud-services/frontend-components-config<br>6.11.3

@redhat-cloud-services/frontend-components-config-utilities<br>4.11.2

@redhat-cloud-services/frontend-components-notifications<br>6.9.2

@redhat-cloud-services/frontend-components-remediations<br>4.9.2

@redhat-cloud-services/frontend-components-testing<br>1.2.1

@redhat-cloud-services/frontend-components-translations<br>4.4.1

@redhat-cloud-services/frontend-components-utilities<br>7.4.1

@redhat-cloud-services/hcc-feo-mcp<br>0.3.1

@redhat-cloud-services/hcc-kessel-mcp<br>0.3.1

@redhat-cloud-services/hcc-pf-mcp<br>0.6.1

@redhat-cloud-services/host-inventory-client<br>5.0.3

@redhat-cloud-services/insights-client<br>4.0.4

@redhat-cloud-services/integrations-client<br>6.0.4

@redhat-cloud-services/javascript-clients-shared<br>2.0.8

@redhat-cloud-services/notifications-client<br>6.1.4

@redhat-cloud-services/patch-client<br>4.0.4

@redhat-cloud-services/quickstarts-client<br>4.0.11

@redhat-cloud-services/rbac-client<br>9.0.3

@redhat-cloud-services/remediations-client<br>4.0.4

@redhat-cloud-services/rule-components<br>4.7.2

@redhat-cloud-services/sources-client<br>3.0.10

@redhat-cloud-services/topological-inventory-client<br>3.0.10

@redhat-cloud-services/tsc-transform-imports<br>1.2.2

@redhat-cloud-services/types<br>3.6.1

Reactions are currently unavailable

Metadata<br>Metadata<br>Assignees

No one assigned

Labels

No labelsNo labels

Type

No type

Fields<br>Give feedback

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

You can’t perform that action at this time.