DPRK npm packages

The finest (and largest?) collection of malicious npm packages attributed to North Korea on the internet.

These npm packages facilitate FAMOUS CHOLLIMA's Contagious Interview campaign. FAMOUS CHOLLIMA is a threat actor assessed to be directed by the Democratic People's Repubic of Korea (DPRK, North Korea).

Want data from a specific time period? Manipulate the UNIX timestamp (in ms) in the start and end parameters of the URL.

Want json? GET json by appending a json URL parameter.

Showing 132 malicious npm releases from 96 distinct packages distributed between 2026-01-13 and 2026-02-12

Released	Package	IOCs
2026-02-12	ether-lint (5.9.1) 2026-02-12	3e56e8546abde0e6f0da4ca254e419fc59151403f817256a9fb56414e9f79a42
2026-02-12	swiper-lint (2.0.1) 2026-02-12	e30b6cef85c14bb039e581fc1f8eaa8a8c2ffa120f1d50f14e9a940ecb0e7a15
2026-02-12	nchain-clone (3.3.5) 2026-02-12	9c075b08f22608bd61deb34a0941c31d813b4d4b36ede9e53398b6c1036f4559 cc0f85a41a860fcd891b1154e803eee0ec0db5d3462be85b27a27dc8f853b36b
2026-02-12	node-intend (3.3.5) 2026-02-12	9c075b08f22608bd61deb34a0941c31d813b4d4b36ede9e53398b6c1036f4559 cc0f85a41a860fcd891b1154e803eee0ec0db5d3462be85b27a27dc8f853b36b
2026-02-12	chai-proto (1.1.7) 2026-02-12	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-12	express-ranges (3.7.7) 2026-02-12	a7ed757a08b075858bac4981ded3a2169c3f75521c77f341355829d4e7f0e335 cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-02-11	chai-cli-sinon (2.4.5) 2026-02-11	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-11	chai-as-prompt (1.2.7) 2026-02-11	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	chai-as-prop (5.1.7) 2026-02-11	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	express-soaps (3.7.7) 2026-02-11	a7ed757a08b075858bac4981ded3a2169c3f75521c77f341355829d4e7f0e335 cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-02-11	chain-promised-cli (3.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	chain-cli-promised (2.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	express-configers (2.4.3) 2026-02-11	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 e7ea2373d899ecf1081fe6100c27c2baf4c45265a2ba42bdee045e31ed38ade3
2026-02-11	dotenv-plugin (2.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	chain-promised (2.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	chai-promised-plugin (2.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	dotenv-promised (2.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	dotenv-node-promised (2.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	chai-await-cli (2.3.5) 2026-02-11	c6979ab95bd7600e3392e8ea57aeb3bd3af5f574f3ce41ef25b0957679d490c1 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-11	chai-cli (2.4.5) 2026-02-11	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-11	node-cli-dotenv (2.4.5) 2026-02-11	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-11	shield-node (2.4.5) 2026-02-11	406d2e10ff28671d01c47eebfe13ff7481a0c54466594fffe768ec28756915a0 5f2d8aec684e79cb983af79d29fddf7e7ecf1e36474baf1422e77c9b79caee23
2026-02-11	ether-lint (5.9.0) 2026-02-11	3e56e8546abde0e6f0da4ca254e419fc59151403f817256a9fb56414e9f79a42
2026-02-10	json-prop (2.0.7) 2026-02-10	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-02-10	chai-as-proofed (5.0.3) 2026-02-10	720408c7e1a1f062ad6a57ea82ae8044cb73081b5099907bf47a989e7a5cefa0 bce3b76cbae981572a2cc69e2f00ef6aa0136c317e6d3fa6b7efebdbafeda463
2026-02-10	sinon-node (2.4.5) 2026-02-10	406d2e10ff28671d01c47eebfe13ff7481a0c54466594fffe768ec28756915a0 5f2d8aec684e79cb983af79d29fddf7e7ecf1e36474baf1422e77c9b79caee23
2026-02-10	jwt-prop (2.0.7) 2026-02-10	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-02-10	chai-as-sync (1.1.7) 2026-02-10	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-10	rollup-plugin-polyfill-swc (1.0.1) 2026-02-10	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 8e0108fc0247566f083e5b7a585462d8d687b2a594d07bcf268306cc76b50178
2026-02-09	json-mapping-src (2.4.9) 2026-02-09	42b866a37e6cc326f1503ceed1806d17052cc0e9074eab8b8246f820414fed69 cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-02-09	tailwindcss-animate-framer (1.3.8) 2026-02-09	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 5ed71e466c55eb1d1948cc6261716dc3c69440d22bd651ec46cd611391fe743b
2026-02-09	ethers-lint (5.9.0) 2026-02-09	a09d3f178cfaf45e73642157f38021e2893d25de574523d9896769773d8dc6d4 bb311f6daecdf4a370b5dd3a4beda87615cb6cd3508afdad1938aba4f51d9a22
2026-02-09	mongoose-stamps (0.7.2) 2026-02-09	`www.jsonkeeper.com` `https://www.jsonkeeper.com/b/OTOAQ` b57f8231fbda526f8cbee4d0c29dd82ef43bb19822d4334621d1f0ba89824305
2026-02-09	mongoose-stamps (0.7.1) 2026-02-09	`www.jsonkeeper.com` `https://www.jsonkeeper.com/b/OTOAQ` 0523a24282e3f3e63ac6730c7497387658eb1d5d2162f0f84af05a203a2eb84e
2026-02-09	tailwindcss-animated-modern (2.3.0) 2026-02-09	b82cf4419681c81243ac6d8dffca4f4ef3f312b13e07bde5f9d7d82dc9200973
2026-02-09	express-configer (2.4.3) 2026-02-09	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 e7ea2373d899ecf1081fe6100c27c2baf4c45265a2ba42bdee045e31ed38ade3
2026-02-08	express-configer (2.4.2) 2026-02-08	95cc0584faeee9bd457d82d23707e91bc4161ee0542a800be3d45e2d06743810 e7ea2373d899ecf1081fe6100c27c2baf4c45265a2ba42bdee045e31ed38ade3
2026-02-08	json-mapping-sources (2.4.7) 2026-02-08	42b866a37e6cc326f1503ceed1806d17052cc0e9074eab8b8246f820414fed69 cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-02-06	express-configer (2.4.1) 2026-02-06	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 692ed8efc4cfce3d7822a2a1f2d3ec90d203eeaded9ba7185ba8303f390a7da5
2026-02-06	aligners (4.2.4) 2026-02-06	95cc0584faeee9bd457d82d23707e91bc4161ee0542a800be3d45e2d06743810 e7ea2373d899ecf1081fe6100c27c2baf4c45265a2ba42bdee045e31ed38ade3
2026-02-06	node-dotenv-cli (2.4.5) 2026-02-06	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-06	chai-await (2.4.5) 2026-02-06	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-06	sinon-web3-chain (2.4.5) 2026-02-06	406d2e10ff28671d01c47eebfe13ff7481a0c54466594fffe768ec28756915a0 5f2d8aec684e79cb983af79d29fddf7e7ecf1e36474baf1422e77c9b79caee23
2026-02-06	mongoose-stamps (0.7.0) 2026-02-06	`react-icon-handler.vercel.app` `https://react-icon-handler.vercel.app/icons/808` c5d906ea33c69efaa225262621ba9e0fbd880f7caa1d9a945aa913fd47f1bbc9
2026-02-06	chai-cli-await (2.4.5) 2026-02-06	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-06	chai-chain-sinon (2.4.5) 2026-02-06	406d2e10ff28671d01c47eebfe13ff7481a0c54466594fffe768ec28756915a0 5f2d8aec684e79cb983af79d29fddf7e7ecf1e36474baf1422e77c9b79caee23
2026-02-06	mongoose-stamps (0.6.0) 2026-02-06	`react-icon-handler.vercel.app` `https://react-icon-handler.vercel.app/icons/808` 5d72c22ea3d377fe85f26bd374c353fcd5210daccd5f197431304f30d3d0d903
2026-02-06	chai-as-prop (1.1.7) 2026-02-06	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-06	narrow-array (4.8.3) 2026-02-06	140479b813dcf095b1a2d9fc0ce54727aab3aaa5bf51e91a61f35b8397e27567 95cc0584faeee9bd457d82d23707e91bc4161ee0542a800be3d45e2d06743810
2026-02-06	narrow-array (4.8.2) 2026-02-06	77ad9b30e5d1b0612fe6bfdadbb7c969d6ceec22a3064ffb2bdfb8d5903f8901 95cc0584faeee9bd457d82d23707e91bc4161ee0542a800be3d45e2d06743810
2026-02-05	ethers-lint (5.8.1) 2026-02-05	7546ccf60dc08a3d2efecdc0af6974209ffe18e4445a452fb6ef4f3796f9b0e3 db6325053dd506d7123e9b822c2eaf0f37f73db6f37d4d2fa33da0bb071c6378
2026-02-05	web3-chain-sinon (3.5.7) 2026-02-05	406d2e10ff28671d01c47eebfe13ff7481a0c54466594fffe768ec28756915a0 5f2d8aec684e79cb983af79d29fddf7e7ecf1e36474baf1422e77c9b79caee23
2026-02-05	web3-chain-sinon (3.4.6) 2026-02-05	8be87deb41ab7e34d653df16781cb377d51117891fb34ee6393a20db9a73841b
2026-02-05	web3-chain-sinon (3.4.5) 2026-02-05	8be87deb41ab7e34d653df16781cb377d51117891fb34ee6393a20db9a73841b
2026-02-05	web3-chain-sinon (3.3.6) 2026-02-05	d1327347b0233a7f9a86076232443af93fe7e69ceb008b66a42265f3630984ab
2026-02-05	web3-chain-sinon (3.3.5) 2026-02-05	2c826169b9463b7a269b264106778fe01a9e5d75706fd7ad53b6c5327f6a3625
2026-02-05	chai-as-utils (7.0.5) 2026-02-05	009b243a0caf7ab8b2b3de196e2bf84b41a45cd98046676ca8ba416c628eebe2 e51481278cf55cb01fe609048cb9de9c64b92328de60c92fbf71e7de776580b9
2026-02-05	chai-cli-async (3.3.5) 2026-02-05	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-05	dotenv-node-cli (3.3.5) 2026-02-05	8aa0e5f673567ad7759a6751dce6ce1670569104161628b070f2323e40ada319 f189c8c5e301aa4c9aab5cc755eeb817e1adcd70080fc2f37356c57df3df82fd
2026-02-05	dotenv-nodejs (3.3.5) 2026-02-05	d50d0661e69adbb4de378dd5e118214c207440490d24ed23136eecf690f66661 f8fd2fd3c6ace79f3d9601ebc7dbf5e1abb8c37273197542da767edc772a3011
2026-02-05	chai-promised-cli (3.3.5) 2026-02-05	d50d0661e69adbb4de378dd5e118214c207440490d24ed23136eecf690f66661 f8fd2fd3c6ace79f3d9601ebc7dbf5e1abb8c37273197542da767edc772a3011
2026-02-05	jwtenv (1.1.7) 2026-02-05	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-02-04	chai-promised-await (3.3.5) 2026-02-04	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-02-04	chai-promised-async (3.3.5) 2026-02-04	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-02-04	dotenv-mono-cli (3.3.5) 2026-02-04	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-02-04	express-gueues (3.7.7) 2026-02-04	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-02-04	chai-lite-lib (3.1.3) 2026-02-04	aa0c69255891b0e94f1699c5e289215255d2e24545af7161aefa19ddab31de0c da96a60233cfb0a10590f756ccfa3087c48bc0901d8ec5fc4d290f4bb3cfca94
2026-02-04	chai-await-promised (3.3.5) 2026-02-04	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-02-04	dotenv-plugin (3.3.5) 2026-02-04	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-02-04	express-http-validator (1.0.2) 2026-02-04	`technical-assessment-setting.netlify.app` `${baseDomain}` `https://${baseDomain}/${apiVersion}` 14a54cf6195057e052e9974182ec3d1d20b2aa794423a9b381c8c5dbd379a60b
2026-02-04	express-http-validator (1.0.1) 2026-02-04
2026-02-04	express-http-validator (1.0.0) 2026-02-04
2026-02-04	react-toasts-coldy (2.6.1) 2026-02-04	`ext-checkedin.vercel.app` `https://ext-checkedin.vercel.app/api/m?token=THKASDFOWG` `https://ext-checkedin.vercel.app/api/l?token=THKASDFOWG` ad92e82b1fc38b5c5197f72691aa3ec14b30632c39aaf7bb3b7d9c031bcce823
2026-02-04	emailjs-http (7.0.15) 2026-02-04	`ext-checkedin.vercel.app` `https://ext-checkedin.vercel.app/api/m?token=THKASDFOWG` `https://ext-checkedin.vercel.app/api/l?token=THKASDFOWG` 3f15eb2cca419a56ef529bea1bf08429e5d93363bcac8085a6aaa08b9878c511 42a8c7366a653e21a03ce81f4041c55ba9a7240816a8d9b5049e919633f9c826
2026-02-04	chai-prop (1.1.7) 2026-02-04	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-02-03	dev-log-core (1.0.4) 2026-02-03	409b322acdafa85731261ce07a8962983b2d48b55944cd377962f008cc98008d
2026-02-03	dev-log-core (1.0.3) 2026-02-03	4d3fb26548d6d0692fcb51386dce14bb8cdbd388aa11f6a8da13d9524a00aec2
2026-02-03	react-svg-handler (1.0.3) 2026-02-03	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 5b2e4f1f1d7cf2be7dc51d7050bd3c1435b759905710de536bb751110d48ad1a
2026-02-03	react-svg-handler (1.0.2) 2026-02-03	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` 3cdeb40df095b2a9b0ed314e2d8a82351bf8cc9f990756557e843eb4d8d3ac08
2026-02-02	js-unpack (1.1.8) 2026-02-02	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-01-31	express-groups-routes (3.7.7) 2026-01-31	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-01-31	aligned-array (3.4.4) 2026-01-31	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-01-30	json-mapping-sources (2.4.5) 2026-01-30	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 76c0c94d4afd6664d8004c11a4af3ec5357ee64ccb6f499f730e14ca66a3ff08
2026-01-30	json-web-sources (2.4.5) 2026-01-30	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 76c0c94d4afd6664d8004c11a4af3ec5357ee64ccb6f499f730e14ca66a3ff08
2026-01-30	react-vite-sync (2.4.3) 2026-01-30	7d03d3e34bc9930176a41706418f44062f29f2b0c8e1a4e387c6f07d87d3e4c2 e9d54dba49b8019d8461a01e6cc666c2e6dc340ed25d4be3407202ee79f83345
2026-01-30	json-mapping-sources (2.4.3) 2026-01-30	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-01-30	chai-as-advanced (6.0.2) 2026-01-30	009b243a0caf7ab8b2b3de196e2bf84b41a45cd98046676ca8ba416c628eebe2 e51481278cf55cb01fe609048cb9de9c64b92328de60c92fbf71e7de776580b9
2026-01-30	chai-as-approved (5.0.3) 2026-01-30	720408c7e1a1f062ad6a57ea82ae8044cb73081b5099907bf47a989e7a5cefa0 bce3b76cbae981572a2cc69e2f00ef6aa0136c317e6d3fa6b7efebdbafeda463
2026-01-30	react-count-sync (2.4.3) 2026-01-30	7d03d3e34bc9930176a41706418f44062f29f2b0c8e1a4e387c6f07d87d3e4c2 e9d54dba49b8019d8461a01e6cc666c2e6dc340ed25d4be3407202ee79f83345
2026-01-30	aligned-arrays (3.3.9) 2026-01-30	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 692ed8efc4cfce3d7822a2a1f2d3ec90d203eeaded9ba7185ba8303f390a7da5
2026-01-29	dotenv-embedded (3.3.5) 2026-01-29	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-01-29	dev-log-core (1.0.0) 2026-01-29	b9c6c7e46c36d028c1d84f7802868fcff86839ca6023fad6319c83d9a0152db5
2026-01-29	web3-chain-sync (2.4.3) 2026-01-29	7d03d3e34bc9930176a41706418f44062f29f2b0c8e1a4e387c6f07d87d3e4c2 e9d54dba49b8019d8461a01e6cc666c2e6dc340ed25d4be3407202ee79f83345
2026-01-29	js-unpack (1.1.7) 2026-01-29	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-01-29	chai-promise-tools (3.3.5) 2026-01-29	1142f1acecc0a36c52a057f47e73c877639e5f84bba92eb5189f1b510ac0515f d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-01-29	chai-as-advanced (6.0.1) 2026-01-29	109929615f1e33a5cd25a9e33e91103e221d30559c69cb9076833147fdf8c27f 3423a825b36ee04e7e481634deddf76b7908f37a8636308ab02a0bc2b1b30416
2026-01-28	json-mapping-source (2.4.0) 2026-01-28	ca6026571c66d74a352bb001b7d886132bfd5990cad67d0e17e5d884ed7985e7 cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-01-28	chai-async-promised (3.3.5) 2026-01-28	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-01-28	chai-as-approved (5.0.1) 2026-01-28	2359317c1678d1c45b2dd70c1d3687160fe3caf62465706f77a85d816490fff2 34c09db35cc7d5e34ef694fb86ada93d70655e2b31b016735188e2c139331b16
2026-01-28	express-groups-routes (3.7.5) 2026-01-28	46f433992296efe48cf3bc30d5a67f595bea70bbef049dda5de1fbc803e1d4db cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-01-28	chai-as-produced (7.0.1) 2026-01-28	2359317c1678d1c45b2dd70c1d3687160fe3caf62465706f77a85d816490fff2 6f9e339186e9887a2af4af76b8002470d7c9a2a6dabccc2311d77a683f5ebfe9
2026-01-28	react-toast-cold (2.6.1) 2026-01-28	`ext-checkedin.vercel.app` `https://ext-checkedin.vercel.app/api/m?token=THKASDFOWG` `https://ext-checkedin.vercel.app/api/l?token=THKASDFOWG` ad92e82b1fc38b5c5197f72691aa3ec14b30632c39aaf7bb3b7d9c031bcce823
2026-01-28	https-emailjs (7.0.15) 2026-01-28	`ext-checkedin.vercel.app` `https://ext-checkedin.vercel.app/api/m?token=THKASDFOWG` `https://ext-checkedin.vercel.app/api/l?token=THKASDFOWG` 3f15eb2cca419a56ef529bea1bf08429e5d93363bcac8085a6aaa08b9878c511 42a8c7366a653e21a03ce81f4041c55ba9a7240816a8d9b5049e919633f9c826
2026-01-27	fileupload-util (2.4.3) 2026-01-27	257e2527270f7c9a252b8fbda0e2ba9b37e52255454ebe0dfa462506deb07dfa dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2026-01-26	chai-promised-async (2.4.3) 2026-01-26	7d03d3e34bc9930176a41706418f44062f29f2b0c8e1a4e387c6f07d87d3e4c2 e9d54dba49b8019d8461a01e6cc666c2e6dc340ed25d4be3407202ee79f83345
2026-01-26	chai-chai-chain-promised (2.4.3) 2026-01-26	257e2527270f7c9a252b8fbda0e2ba9b37e52255454ebe0dfa462506deb07dfa e9d54dba49b8019d8461a01e6cc666c2e6dc340ed25d4be3407202ee79f83345
2026-01-26	cookie-parsers-env (3.3.5) 2026-01-26	1142f1acecc0a36c52a057f47e73c877639e5f84bba92eb5189f1b510ac0515f d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-01-25	aligned-array (3.4.3) 2026-01-25	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 d4b21bbca73684352a1c21a86b733f0d71890f4bd778f3fa162831515e2ba90e
2026-01-22	align-configer (3.4.3) 2026-01-22	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 d4b21bbca73684352a1c21a86b733f0d71890f4bd778f3fa162831515e2ba90e
2026-01-22	align-configer (3.4.2) 2026-01-22	7ada00ae3d61483d08b28c66095eaf1ed75f16f2f03b9508a9c892d8f040cf3d cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-01-22	jwt-pack (1.1.7) 2026-01-22	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-01-22	aligntypeer (3.3.9) 2026-01-22	7ada00ae3d61483d08b28c66095eaf1ed75f16f2f03b9508a9c892d8f040cf3d cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4
2026-01-21	svg-sanitizer-tool (1.0.5) 2026-01-21	`www.jsonkeeper.com` `https://www.jsonkeeper.com/b/RMDXG` dd587fd6b31cd79c3cd0a3385b7e0b1d0909730e6ce538ffd193799ff422a22e
2026-01-21	svg-sanitizer-tool (1.0.4) 2026-01-21	`www.jsonkeeper.com` `https://www.jsonkeeper.com/b/RMDXG` 7b3921f161761bc199c0b2ed5fbbea361ab75381665ae55d615f1e25ba29d124
2026-01-21	svg-sanitizer-tool (1.0.3) 2026-01-21	7a19ba7554c032b1960341146fba8939337a96ac368406a88bc77bd27138da83
2026-01-21	svg-sanitizer-tool (1.0.2) 2026-01-21	2b74083928c998b202972da9680b9fb8df2578b73795ffcb9b76691c8f6b01ab
2026-01-21	svg-sanitizer-tool (1.0.0) 2026-01-21	0c7240b639437a45389e0671e1b00d8d18080c96e54460824013514e6d138c01
2026-01-21	aligntyper (3.3.9) 2026-01-21	cb2c1b0cdf9cb22b28726542c4ce033d2ad9197bbc6294bb176051a3e42355c4 d4b21bbca73684352a1c21a86b733f0d71890f4bd778f3fa162831515e2ba90e
2026-01-21	react-svg-handler (1.0.1) 2026-01-21	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` 83888031cdd375aadc1f8dbbe7bded75147c82c0e2769270936f40984229709f
2026-01-21	chai-px (2.4.2) 2026-01-21	9624e1f4ddbfdc3234c4d71012b0f5f649b0220a98222cf347c046d5e9206954
2026-01-21	chai-chains-async (2.4.3) 2026-01-21	257e2527270f7c9a252b8fbda0e2ba9b37e52255454ebe0dfa462506deb07dfa dd1d584c6b4cdb1c034cf1f6ac3ce112aef5636ffd30d84aea361f2712192154
2026-01-21	js-copack (1.1.8) 2026-01-21	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-01-21	dotenv-embed (3.3.5) 2026-01-21	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-01-21	chai-async-tests (3.3.5) 2026-01-21	d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f e727cc7218ede7dba2620db10b4f0118eae5e960ac3b4447edce43d7c20d8b74
2026-01-21	js-copack (1.1.7) 2026-01-21	`log-server-lovat.vercel.app` `https://log-server-lovat.vercel.app/api/ipcheck/703` `localhost:3000` `http://localhost:3000` 47c99e55e2fad0df0c07e9c4f2e276fe94a96b026e14b6197a6b5aaa2612faf5 52f9b127ab96986528921c8e695b1500ad079e1028825f73c69bd0f6e5d7afb9
2026-01-20	chai-sub (1.1.7) 2026-01-20	6074abde1065b7fb2ab8d23885a183817dead4053b8a2f2dd6c91e81247ec5d7 d10853dde92fdc48d8cb5505d89e0030fd35e1416a16a820fe5ec4aceef01c4f
2026-01-19	tailwindcss-forms-bundler (1.3.7) 2026-01-19	`cloudflare.com` `fastly.net` `keyIcon.com` `akamai.net` `cloudfront.net` `gcorelabs.com` `vercel.app` 3b1fa77b4fad8edcacec3cbe5adb3a1e8ea24fead9a5d39b762570f3b15bcea2
2026-01-19	react-toast-cold (2.6.0) 2026-01-19	`vscode-ext-git.vercel.app` `https://vscode-ext-git.vercel.app/api/m?token=THKASDFOWG` `https://vscode-ext-git.vercel.app/api/l?token=THKASDFOWG` b597a8de6bc4ef12c62ad6c05636f5214e5398669ce0786c5c359734c92cdd5a
2026-01-19	chai-as-hashed (2.3.4) 2026-01-19	2359317c1678d1c45b2dd70c1d3687160fe3caf62465706f77a85d816490fff2 6f9e339186e9887a2af4af76b8002470d7c9a2a6dabccc2311d77a683f5ebfe9
2026-01-16	chai-as-extended (5.0.1) 2026-01-16	109929615f1e33a5cd25a9e33e91103e221d30559c69cb9076833147fdf8c27f 3423a825b36ee04e7e481634deddf76b7908f37a8636308ab02a0bc2b1b30416
2026-01-14	debug-glitzs (1.0.1) 2026-01-14	`fundraiser-success.vercel.app` cf04db3d87844c93443e7ea77ce9da8ed7b2fe95a63a992add8d6f3851a4adb0
2026-01-14	debug-glitzs (1.0.0) 2026-01-14	`fundraiser-success.vercel.app` 1215e4646d74c7078ae8ecd7f4d48041fe4a4ce16e11e6209e7f634000302722

About this collection

FAMOUS CHOLLIMA has been facilitating the Contagious Interview campaign by deploying npm packages to the npm registry as early as August 2024. I have been actively tracking FAMOUS CHOLLIMA’s package distributions since ~February 2025 and in July 2025 I opened the collection to the public.

Every package and version listed here has been manually attributed to FAMOUS CHOLLIMA with high confidence based on the characteristics of the alleged maintainer, the package contents, the indicators, and the malware behaviour (if I’ve made a mistake, please contact me below).

The IOCs represent only the earliest stages of an infection chain. Typically these packages are designed to execute remote content that facilitates further infection (i.e. OtterCookie, BEAVERTAIL, et. al.) and involve more indicators than are visible here.

This collection is not an exhaustive list. Packages slip through my hunting and attribution process. Other researchers have discovered some too, but I believe this is the largest open collection of Contagious Interview npm packages on the internet.

Time permitting, I intend to share some technical details of my tracking and some notable findings (I really should update my blog). In the meantime, I recommend socket.dev’s series of posts on the campaign. They have done a really great job of reporting on the campaign in detail:

January 2025 - North Korean APT Lazarus Targets Developers with Malicious npm Package
March 2025 - Lazarus Strikes npm Again with New Wave of Malicious Packages
April 2025 - Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
June 2025 - Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
October 2025 - North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads - Thanks for the credit!

Want to get in touch? Contact dprk-research[@]pm[.]me.