npm

tensorflowjs

tensorflowjs is identified in the SafeDep analysis "TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers". A malicious NPM package targeting TensorFlow users was discovered on npm. The package uses typosquatting to target the popular `tensorflow` package.

discovered 2025-08-12

Threat types

typosquat

Malicious versions

1.0.0

Campaigns

No Specific Campaignattributed-to

Indicators

sha256863d274bbeb22ab969f742a06d89bdf0ababb99fdeb074a0fd9057f28b1ef257indicates
sha19066ceeb391d9c7ba6aba650109c2fa3f8e088ebindicates
email[email protected]exfiltrates-to
email[email protected]exfiltrates-to

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1036 Masquerading: package impersonation and typosquattinguses
ttpT1102 Web Serviceuses

Read the full analysis →