[SECURITY]: Malicious npm releases detected across `@redhat-cloud-services/` scope

CommunityNews · 1 June 2026 21:01

Ref: https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services Affected Packages (updated) Pack…

Read in full here:

github.com/RedHatInsights/javascript-clients

opened 11:15AM - 01 Jun 26 UTC

sailikhith-stepsecurity

Ref: - https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-pack…ages-compromised - https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services ## Affected Packages (updated) | Package | Compromised Versions | |---------|---------------------| | `@redhat-cloud-services/chrome` | 2.3.1, 2.3.2, 2.3.4 | | `@redhat-cloud-services/compliance-client` | 4.0.3, 4.0.4, 4.0.6 | | `@redhat-cloud-services/config-manager-client` | 5.0.4, 5.0.5, 5.0.7 | | `@redhat-cloud-services/entitlements-client` | 4.0.11, 4.0.12, 4.0.14 | | `@redhat-cloud-services/eslint-config-redhat-cloud-services` | 3.2.1, 3.2.2, 3.2.4 | | `@redhat-cloud-services/frontend-components` | 7.7.2, 7.7.3, 7.7.5 | | `@redhat-cloud-services/frontend-components-advisor-components` | 3.8.2, 3.8.4, 3.8.6 | | `@redhat-cloud-services/frontend-components-config` | 6.11.3, 6.11.4, 6.11.6 | | `@redhat-cloud-services/frontend-components-config-utilities` | 4.11.2, 4.11.3, 4.11.5 | | `@redhat-cloud-services/frontend-components-notifications` | 6.9.2, 6.9.3, 6.9.5 | | `@redhat-cloud-services/frontend-components-remediations` | 4.9.2, 4.9.3, 4.9.5 | | `@redhat-cloud-services/frontend-components-testing` | 1.2.1, 1.2.2, 1.2.4 | | `@redhat-cloud-services/frontend-components-translations` | 4.4.1, 4.4.2, 4.4.4 | | `@redhat-cloud-services/frontend-components-utilities` | 7.4.1, 7.4.2, 7.4.4 | | `@redhat-cloud-services/hcc-feo-mcp` | 0.3.1, 0.3.2, 0.3.4 | | `@redhat-cloud-services/hcc-kessel-mcp` | 0.3.1, 0.3.2, 0.3.4 | | `@redhat-cloud-services/hcc-pf-mcp` | 0.6.1, 0.6.2, 0.6.4 | | `@redhat-cloud-services/host-inventory-client` | 5.0.3, 5.0.4, 5.0.6 | | `@redhat-cloud-services/insights-client` | 4.0.4, 4.0.5, 4.0.7 | | `@redhat-cloud-services/integrations-client` | 6.0.4, 6.0.5, 6.0.7 | | `@redhat-cloud-services/javascript-clients-shared` | 2.0.8, 2.0.9, 2.0.11 | | `@redhat-cloud-services/notifications-client` | 6.1.4, 6.1.5, 6.1.7 | | `@redhat-cloud-services/patch-client` | 4.0.4, 4.0.5, 4.0.7 | | `@redhat-cloud-services/quickstarts-client` | 4.0.11, 4.0.12, 4.0.14 | | `@redhat-cloud-services/rbac-client` | 9.0.3, 9.0.4, 9.0.6 | | `@redhat-cloud-services/remediations-client` | 4.0.4, 4.0.5, 4.0.7 | | `@redhat-cloud-services/rule-components` | 4.7.2, 4.7.3, 4.7.5 | | `@redhat-cloud-services/sources-client` | 3.0.10, 3.0.11, 3.0.13 | | `@redhat-cloud-services/topological-inventory-client` | 3.0.10, 3.0.11, 3.0.13 | | `@redhat-cloud-services/tsc-transform-imports` | 1.2.2, 1.2.4, 1.2.6 | | `@redhat-cloud-services/types` | 3.6.1, 3.6.2, 3.6.4 | | `@redhat-cloud-services/vulnerabilities-client` | 2.1.9, 2.1.11 |