Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
Avoid using all malicious instances of the tailwind-mainanimation package.
tailwind-mainanimation is a malicious package.
Upon installation, it silently injects obfuscated JavaScript into the end of legitimate project configuration files (like tailwind.config.js).
To evade detection, the malware rewrites git history, forging timestamps so the malicious commit appears untouched. The injected script acts as a blockchain-based dead drop resolver, querying TRON or Aptos networks to retrieve and decrypt the final Beavertail malware payload. This payload steals credentials and cryptocurrency, and installs a Remote Access Trojan (RAT) via detached child processes for long-term persistence.
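The following is an added example, not Snyk's tooling or code from the advisory: a heuristic Node.js check that inspects the last lines of `*.config.js`-style files for signs of appended obfuscated code. The line-length threshold, the pattern list, and the `CLEAN`/`TAMPERED` samples are assumptions constructed for illustration, not indicators taken from this package.

```javascript
// Added example: heuristic tail scan; thresholds and patterns are assumptions.
const fs = require("fs");
const path = require("path");

const MAX_LINE = 500;   // assumed: hand-written config lines are far shorter
const TAIL_LINES = 5;   // only the end of the file is inspected
const SUSPICIOUS = [/\beval\s*\(/, /\bFunction\s*\(/, /\\x[0-9a-f]{2}/i, /\b_0x[0-9a-f]+\b/i, /fromCharCode/];

// Returns the reasons the tail of `source` looks like appended obfuscated code.
function inspectTail(source) {
  const lines = source.split(/\r?\n/).filter((l) => l.trim() !== "");
  const reasons = [];
  for (const line of lines.slice(-TAIL_LINES)) {
    if (line.length > MAX_LINE) reasons.push(`line of ${line.length} chars`);
    for (const re of SUSPICIOUS) if (re.test(line)) reasons.push(`matches ${re}`);
  }
  return reasons;
}

// Walks a project tree (skipping node_modules and .git) and inspects config files.
function scanProject(root) {
  const findings = [];
  const walk = (dir) => {
    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
      const p = path.join(dir, e.name);
      if (e.isDirectory()) {
        if (e.name !== "node_modules" && e.name !== ".git") walk(p);
      } else if (/\.config\.[cm]?js$/.test(e.name)) {
        const reasons = inspectTail(fs.readFileSync(p, "utf8"));
        if (reasons.length) findings.push({ file: p, reasons });
      }
    }
  };
  walk(root);
  return findings;
}

// Constructed samples: a normal config, and the same config with an obfuscated-looking tail.
const CLEAN = 'module.exports = {\n  content: ["./src/**/*.js"],\n  plugins: [],\n};\n';
const TAMPERED = CLEAN + "var _0x1a2b=['\\x61\\x62'];" + "A".repeat(600) + "\n";

// CLI use: node scan.js <project-dir>
const target = process.argv[2];
if (target && fs.existsSync(target) && fs.statSync(target).isDirectory()) {
  console.log(JSON.stringify(scanProject(target), null, 2));
}
```

Because the advisory says commit timestamps are forged, judge flagged files by their contents rather than by `git log` dates.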