
MALICIOUS (1) campaign cataloged on 2026-03-16 (2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is only the date the catalog entry was created. It may not reflect the date the campaign itself was created.

2026-03-color-list

Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in what is likely a third malicious package. The packages were published simultaneously by two accounts that had not been used for about a year, suggesting hijacked access.

Abuse categories

obfuscation

Code uses obfuscation techniques to hide its true purpose.

through_dependency

The malicious code is intentionally included in a dependency of the package.

Packages in the campaign

campaign:2026-03-color-list