MAL-2026-4789 Malicious code in ggk-happy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da23474ba170aa6d3b5bea2c2e8ebbc59be022caec4b612528dd644891e31379 ggk-happy is a fork of the slopus/happy CLI that preserves the upstream README, homepage happy.engineering and repository URL github.com/slopus/happy...

Malicious code in react-cleaner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c3d7a072dc204b4c150fae46302a31dafd46c85518d4ba7128fc7d36bf6a53 [email protected] is a pino-logger impersonator package main is pino.js, homepage https://getpino.io, module layout mirrors pino's lib/ tree that, ...

Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

MAL-2026-4778 Malicious code in 1cat-tunnel-client-zx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796f1b18c13a38088b4e48d75575eb92b23af5d91cdfaf6a82717f0fabbc7a79 On npm install, the package's postinstall hook node install.js fetches a platform-specific executable from...

Malicious code in weavedb-sdk-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b4b0c5f79c0370a77c3b559b70389ffee591aa22c76ca15c4077fe95b5078e package.json declares "preinstall": "./bin/install-deps", pointing at a 976KB packed Linux x86-64 ELF binary shipped in the tarball sha256...

Malicious code in test-weavedb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3bf1d859670570df6b5400c4ae762c8de880ada809bb4c371f32339744b8f9d Package name impersonates the legitimate weavedb-sdk; lib/index.js is a near-verbatim copy of that SDK's Arweave/Warp/EthCrypto class so the package...

MAL-2026-4482 Malicious code in arnext (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d689a27b5cc929562b684a7181549d3770de331a9f57120881d8060294b6e5f package.json declares "preinstall": "./vendor/setup", which runs a 976,568-byte Linux ELF binary on every npm install. The package's stated purpose i...

Malicious code in weavedb-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 469844df44557b10f865edf7d3d000fd90c901c6a42cc5402116247dca1528f0 package.json declares "preinstall": "./scripts/postbuild". The referenced file is not a script but a 976,568-byte UPX-packed Linux x86-64 ELF binary...

Malicious code in ai3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83540d952123c5d1199bbec1a72d0c4c49c428f309b9d68df45e307b852000a7 package.json declares "preinstall": "./.github/scripts/precheck", which points at a 976,568-byte precompiled Linux ELF x86-64 binary shipped inside t...

Malicious code in weavedb-exm-sdk-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3992f423f88c69e8c00223cc0ef81f970b8e178f1854beb00ef443586302ad89 package.json declares "preinstall": "./bin/install-deps", which runs a 976KB UPX-packed Linux x86 ELF binary on every npm install. The package...

Malicious code in cwao-units (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f3ce7490e9a811444c5493ebb6d968f9dd7879d7695f330e101cf5b158fedf package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte Linux x86-64 ELF binary shipped in the tarball...

MAL-2026-4719 Malicious code in weavedb-exm-sdk-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3992f423f88c69e8c00223cc0ef81f970b8e178f1854beb00ef443586302ad89 package.json declares "preinstall": "./bin/install-deps", which runs a 976KB UPX-packed Linux x86 ELF binary on every npm install. The package...

Malicious code in wdb-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ddd306d024c4dd394d19c1adb610389f239fa619d25fff4f75b857a678da0ee package.json declares "preinstall": "./vendor/setup", which on every npm install invokes a 976568-byte Linux x86 ELF binary shipped inside the packag...

Malicious code in cwao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48b0fefe9d99bcebeaa878f5bb2ca40df917b40785d6b5b8a31cf6e70a44970 package.json declares "preinstall": "./vendor/setup", which directly executes a 976,568-byte packed Linux x86 ELF binary shipped in the tarball. The...

MAL-2026-4544 Malicious code in cwao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48b0fefe9d99bcebeaa878f5bb2ca40df917b40785d6b5b8a31cf6e70a44970 package.json declares "preinstall": "./vendor/setup", which directly executes a 976,568-byte packed Linux x86 ELF binary shipped in the tarball. The...

Malicious code in test-ajs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851b521e3dde5ea11478cd37cc4bf8da2f0a0ca1864d6c39fa27fd02ef0f9308 test-ajs advertises a 2KB React/Recoil helper dist/cjs/index.js, 2169 bytes, exporting Roid/inject glue over react+recoil but ships a 976KB Linux ELF...

Malicious code in weavedb-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...

Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

MAL-2026-4721 Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

Malicious code in weavedb-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e557cd0501bb17925a19c5d3525fdf18f286b21750a44c0164eb7e165f55d9 package.json declares "preinstall": "./dist/runtime.node", causing npm to execute a 976 KB packed binary on every install. The file uses the .node...