Malicious code in @onerjs/inspector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08c3c6c201db840a5576941656934704b0932abe72527c5e85b969fd90ad0ccd Package name, version 8.52.2, README, homepage and repository all impersonate @babylonjs/inspector. The shipped code is a 700-byte UMD wrapper that...

MAL-2026-4411 Malicious code in @onerjs/inspector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08c3c6c201db840a5576941656934704b0932abe72527c5e85b969fd90ad0ccd Package name, version 8.52.2, README, homepage and repository all impersonate @babylonjs/inspector. The shipped code is a 700-byte UMD wrapper that...

Malicious code in @onerjs/serializers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 729400f12e8686271847d4633518c63363e156c251d18ede6f1d2e947aa2c0e0 This package replicates the public API of @babylonjs/serializers and ships its source verbatim, but rewrites every internal import from @babylonjs/co...

MAL-2026-4413 Malicious code in @onerjs/serializers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 729400f12e8686271847d4633518c63363e156c251d18ede6f1d2e947aa2c0e0 This package replicates the public API of @babylonjs/serializers and ships its source verbatim, but rewrites every internal import from @babylonjs/co...

MAL-2026-4410 Malicious code in @onerjs/addons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5 Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...

Malicious code in @onerjs/smart-filters-blocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e772d7a844409df378591a5a587c7cc8045e0ec0e8cb493912f0da8fa594c169 This package is published as @onerjs/smart-filters-blocks but its README, repository URL git+https://github.com/BabylonJS/Babylon.js.git, description...

@amazingcat/amazing-iohook (>=8.2.3 <=8.3.3), @donmahallem/trapeze-client-desktop (=5.1.1) +15 more potentially affected by CVE-2020-15215 via electron (>=8.0.0-beta.1 <=8.5.1)

electron NPM version =8.0.0-beta.1, =8.2.3, =8.0.0, =0.1.0, =4.0.0-beta.1, =1.0.1, =1.7.0, =1.0.3, =1.0.5, =0.0.1, =1.1.35, =1.1.51 and more Source cves: CVE-2020-15215 Source advisory: OSV:GHSA-56PC-6JQP-XQJ8...

@amazingcat/amazing-iohook (>=8.2.3 <=8.3.3), @donmahallem/trapeze-client-desktop (=5.1.1) +15 more potentially affected by CVE-2020-15174 via electron (>=8.0.0-beta.1 <=8.5.0)

electron NPM version =8.0.0-beta.1, =8.2.3, =8.0.0, =0.1.0, =4.0.0-beta.1, =1.0.1, =1.7.0, =1.0.3, =1.0.5, =0.0.1, =1.1.35, =1.1.51 and more Source cves: CVE-2020-15174 Source advisory: OSV:GHSA-2Q4G-W47C-4674...