Snyk Investigated for Malicious Packages Targeting Cursor
🧩 Snyk faces scrutiny over malicious NPM packages targeting Cursor. Developer security firm Snyk is under investigation after security researcher Paul McCarty discovered three malicious packages uploaded to NPM that appeared to target the AI code editor company, Cursor. The packages, named cursor-retrieval, cursor-always-local, and cursor-shadow-workspace, were designed to collect sensitive system data if installed. Although the packages have been removed, metadata linked them to an individual with a Snyk email address. While some speculate foul play, others suggest it may have been an attempt to test for vulnerabilities. Cursor’s co-founder clarified that they did not hire Snyk for a security audit, and Snyk has since stated it is looking into the matter.
