{
  "title": "Malware-Slop mouse5212-super-formatter npm Package Targets AI Workspaces",
  "summary": "Snyk and OX tracked mouse5212-super-formatter as a malicious npm package published on 2026-05-26 and removed on 2026-05-27. The package should be treated as credential theft risk for AI-assisted workspaces, Claude/Cursor context files, GitHub tokens, npm tokens, and build logs.",
  "date": "2026-06-01",
  "severity": "critical",
  "tags": [
    "npm",
    "supply-chain",
    "ai-tools",
    "credential-theft",
    "github"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "malware-slop-mouse5212-super-formatter",
    "since": "2026-05-26T17:30:57Z",
    "until": "2026-06-01T23:59:59Z",
    "ecosystem": "npm",
    "cves": [],
    "cwes": [
      "CWE-506"
    ],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "security.snyk.io",
      "registry.npmjs.org",
      "www.ox.security",
      "www.npmjs.com"
    ],
    "urls": [
      "https://security.snyk.io/vuln/SNYK-JS-MOUSE5212SUPERFORMATTER-16895729",
      "https://registry.npmjs.org/mouse5212-super-formatter",
      "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/",
      "https://www.npmjs.com/package/mouse5212-super-formatter"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}