4606 matches found
Malicious code in @rexorg/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a10d1a86c535852318ad135eca1236f436ad942657df6107d1e1e8a117faf42 The package @rexorg/config was found to contain malicious code. Source: ghsa-malware d3c7f7c6129d24b5a4ee9f95be492524854c16742b8b538f33972fea399c64f5...
Malicious code in svg-sizer-responsive (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a60820b0fbec756691b147e45ad8157501c307c7864249a6a7b112b5293846e The package svg-sizer-responsive was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2131 Malicious code in nemo-fpti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d59bda0a25d9b656075c91322ff0c7a8463b743465176a358265f7fb35710b98 The package nemo-fpti was found to contain malicious code. Source: ghsa-malware 7e5357f25ae0271690f061e93dc85be49cf6ebe3ccd0d09110524b0fcbb30ee3 Any...
Malicious code in pulse-feature-flag (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fad1549c9f60719931f740e56bfa68762b93275b97574f4d8d2c08aeedc71344 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2060 Malicious code in @emilgroup/tenant-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19565ad64d71448817cd4ad8fa924ac70de1832d0c158fcca37a70af0fe97783 The package @emilgroup/tenant-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2065 Malicious code in @opengov/ppf-eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9589ba5a93df27f74e2153118cf450e51df3df58d8c7abd8e4043cf28c0d8bf The package @opengov/ppf-eslint-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in xyztttxyz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ec60812ab8ac06f92ad0543c7a16f930da49afbc1ca5e10e6cabffe3ffe1ddb The package xyztttxyz was found to contain malicious code. Source: ghsa-malware c7299da569fb2428ffb4bcb1641a07a7879e89460f46405e2257197a6f4fe2a3 Any...
Malicious code in xyzttt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bf8be86e9fbf67b0bd783470b31f222a90f7723388dac7deb1b168e658cf45e The package xyzttt was found to contain malicious code. Source: ghsa-malware f9a2092cb0041e877889c537a1e182d10e0fd642e2bcdb26daa6e8e8a2f7077a Any...
Malicious code in hiagenttest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ea4b234d38909b534414ea6c060e079ef07575115b5e06919ad1778930e1c02 The package hiagenttest was found to contain malicious code. Source: ghsa-malware 30c4c5863aa45de206d3f6f50505fc89f13e2613c4fb62b80866030d74bc2df1 An...
Malicious code in @metaplex-foundations/umi-public-keys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48abfc0f902cd0f09b0c2ae7449eaefbf3b4baf1cb12e4165f509b86f7ad8692 The package @metaplex-foundations/umi-public-keys was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1444 Malicious code in graphql-request-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51 The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-wrk-wdk (npm)
The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
MAL-2026-1514 Malicious code in declaration-block-no-ignored-properties (npm)
The package 'declaration-block-no-ignored-properties' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
Malicious code in @sky-it-livedata-libraries/livedata-commons-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23622be0c1860486eed767780c0a0de0a46b5b0a736cd99a08ecba95fd57c411 The package @sky-it-livedata-libraries/livedata-commons-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1345 Malicious code in npm-builders (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c63391276857464ec97afe878e9a323907ccb5cc79486e5d11ce3078f2621e1 The package npm-builders was found to contain malicious code. Source: ghsa-malware 83c8c91b9b31b2f06c283e24505777cd3486a18286a6eb6a2f2b29ca2e6462e6 A...
MAL-2026-1299 Malicious code in monoping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8fd35713b7e196cf598a8c69f853a4760cc2a2f079ae9e51d3d5d62d33a954 The package monoping was found to contain malicious code. Source: ghsa-malware dac223c01f73149dee79551e85e5265a42c4093a91294545d780f6f86ac1ee9c Any...
Malicious code in monoping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8fd35713b7e196cf598a8c69f853a4760cc2a2f079ae9e51d3d5d62d33a954 The package monoping was found to contain malicious code. Source: ghsa-malware dac223c01f73149dee79551e85e5265a42c4093a91294545d780f6f86ac1ee9c Any...
MAL-2026-1270 Malicious code in @wgu-edu/wgu-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26d12da6d55658bcd129c71b6cd484c74498f993ec35f2219f69b6b8018ccee The package @wgu-edu/wgu-icons was found to contain malicious code. Source: ghsa-malware...
Malicious code in aaaaaxxxxx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74022d63a8f08b2891b69972616980c694bf36c621e434d53bb293d3c556d50e The package aaaaaxxxxx was found to contain malicious code. Source: ghsa-malware 76e892030ae3b51f49aca22d108dff0826190b133c1d18bd448c9308b904f8d4 Any...
Malicious code in tailwindcss-form-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...