421 matches found
MAL-2026-3165 Malicious code in chai-as-redeployed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2e2a156e4adadf2466c1ce0f0501539ea4bb3306edd9b2c97109326a9f94f3a The package chai-as-redeployed was found to contain malicious code. Source: ghsa-malware...
Malicious code in claudcode-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88f4d319ca32cad5bc9a2f83d4b1b64c39f2d1e75f2fed26cc1172d480891b69 The package claudcode-mcp was found to contain malicious code. Source: ghsa-malware 65a350de7c4fa0545fcd3fa1439e9ea34afa50e5237688032de7bcafeb071ab0...
MAL-2026-2941 Malicious code in npm-doc-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8ae6448e13630c5243e98e1794e9b2f57b0e999d4c31687f0db0f1665496f9 The package npm-doc-deploy was found to contain malicious code. Source: ghsa-malware f7938c30cf6da645723648c4c43979c97d7c006933fb24ccab60154f1cc5d084...
MAL-2026-2638 Malicious code in billing-paywidget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a1d045f893bda154c8f1c451045b34000b97a678cef9952b2dc3ba2f1c83db2 The package billing-paywidget was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2598 Malicious code in babel-plugin-fbtee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da31ad0bc5f3d25505f208dd3be88eaff3e4054e429cbdc7601dc5e3a3d42d The package babel-plugin-fbtee was found to contain malicious code. Source: ghsa-malware...
Malicious code in path-external (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83954c990d9e7dddb109dea7f9ed24bc8ded6b95da0ed050b43e7486675fc67c The package path-external was found to contain malicious code. Source: ghsa-malware 28650e14b5d9d8ba8bb4df91ca765c3e40d62074928911571fbdbc9af91c4e2d...
MAL-2026-2133 Malicious code in server-fpti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90fb70466093bba29ed5b8f62a9734b95ff7011add06482beec9546984f11c3 The package server-fpti was found to contain malicious code. Source: ghsa-malware 59d0d75db844e966a9f5cc0e311ca6f2385abdf95ca0ee2387c23be8342f0fb2 An...
MAL-2026-2093 Malicious code in pulse-rsvp-card-entity (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d02d6daeedd5d906c300edc9ce1c430366876726cb5f6c69156b785a38713ad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2071 Malicious code in react-leaflet-cluster-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0518fae392cbcd2e3f43b08af24b6736a313bcc053d67bfece2c36c7e609373 The package react-leaflet-cluster-layer was found to contain malicious code. Source: ghsa-malware...
Malicious code in innocent-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a43dfe9cc2eebd7f30e81c4d84f86e0375a8f68621f3dd52156c93a9062e67c7 The package innocent-pkg was found to contain malicious code. Source: ghsa-malware e6e3d2128a98a7bfca4b4ef2d91cc684dad0a7386877a5673ecb0911489bbd7a A...
Malicious code in transform-dynamic-import (npm)
The package 'transform-dynamic-import' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1554 Malicious code in typescript-validation-schema (npm)
The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in proposal-typescript (npm)
The package 'proposal-typescript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1512 Malicious code in undeclared-variables-check (npm)
The package 'undeclared-variables-check' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in brlc-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e1d5bf92d7953e1333f3d575ad749dc56b9914ae64813b2e9753a0718a2882 The package brlc-base was found to contain malicious code. Source: ghsa-malware c50e966389745dbbf1f8c81e6b0e19db8d01502091437c4148cde8991e9e314d Any...
Malicious code in unibody (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62433a668da6675dffc03d0b406316c3a612058aed5063d864c1f6a78d94e937 The package unibody was found to contain malicious code. Source: ghsa-malware d5083ea858a18dda094f7d171b57730132d8348f914ae8b2895725447d8f13f0 Any...
Malicious code in vite-chunker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff8c2fc92377d678aca4ddaeaf13ff2c9a3fe7da1e436478d49b935131562f58 The package vite-chunker was found to contain malicious code. Source: ghsa-malware 77cc8d4b3c8ab1dac6606515127cb65f5c6738fb43b9d6a7800351162e689059 A...
Malicious code in falcologgerinternalstate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 183181a665c683721a6523db5e15b21f8c20c2b154b2ea57decac425f8ad44e3 The package falcologgerinternalstate was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1272 Malicious code in test-mal-npm-pkg-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9e953edc529bc6611e9adac05b4738ab0ea950259e50cb2ea1067f07d9ecf7 The package test-mal-npm-pkg-2 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1256 Malicious code in pearpass-lib-data-import (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ab28e159d40d36665a0a745f8ff8a2f9d55884bfaff1f019638560083aaf42 The package pearpass-lib-data-import was found to contain malicious code. Source: ghsa-malware...