2106 matches found
Malicious code in abuden228 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b15ded0c14059932e82f8e56f2b6d6fb13ebe2da3b51d3e17e048044e9266716 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b37399115949eb936a5e60cb1e4bc150431211adb4c62ea0bb2ad7120bf5c39 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a3dd35665bdd420f175b6b522ef75b800e178d26b62971b55b20891e5663c0c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in backupsitetuff10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8062677ad6aa536c8e4582df43db6251e78e0cd2a0e4c36348a997bc28b06d5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ratelimitsucks9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c5a4a441bf00f2d9dd64e778e4c796779d0a4a216b92bcaee66d8012d4ce255 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in lowkeybored (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44a98aa46273662e37d16a9ce5fd2e003ae747c89301cbd03b1ba52bdbe81fca The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in thebigyahu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb60a0e719514988070d96c3cedea8d918edccef68203afe3cda86635c607de The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in backup3-ff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a32646e3ad3e35186f8344c19ccdecfd69c26e8047fc44b77c0516b644fd094 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...
Malicious code in nodemon-sudo (npm)
The npm package nodemon-sudo is a typosquat of the popular nodemon package: its package.json description "Simple monitor script for use during development of a Node.js app.", main entry ./lib/nodemon, and forged author field Remy Sharp, the real maintainer of nodemon are copied from the legitimat...
MAL-2026-6967 Malicious code in nam-os-a-man (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...
Malicious code in whs4_nmp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...
MAL-2026-6939 Malicious code in polytrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bb6b9a4e70c868e150f06160b187915bcdeb6c9c8f95095af4766dde92f96c5 [email protected] advertises itself as a Polymarket API SDK, but the exported getPlugin function in index.js issues an HTTP request to...
Malicious code in rnx-align-deps (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fd85779926afc494fd03f154fa151e30ee831b5aa8f260e01b29ee8f7a676d5 No a static rule matches and no behavioral findings were produced for this package version. There is no evidence of credential access, network...
Malicious code in @sqlite-access/nodesql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5454044dfacdd12da8025ba7a7c73260f16c64b29dbd25ebda52af4d03e8450c The package presents a three-way identity mismatch: the scoped name @sqlite-access/nodesql implies a SQL-access library, the README markets a...
MAL-2026-6902 Malicious code in wime-zle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3e5a49f13ac5ae3e92267b63357dc81d37b138ed5981949b12e51a09095e2b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in txs-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74154a8e4e769872929446eb17b4dc59a1b491508c7bd05e55d1cdb232ecf2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in ts-eslinter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56fe794783cf855aba4980f7186b85866fd3048cbb97803fe8c575192cb30d44 Package name resembles common ESLint/TypeScript tooling and the main entry index.js contains base64 decoding via Buffer.from...,...
MAL-2026-6850 Malicious code in logger-beauty (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f894c613d7ea8f407e4515aca877e6f13b5bb8e72530ce8032a534336b5a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chai-guard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0814b168c19eced65c482efd2ccec185224474b7fbc0e47a2a3ab8fb3a5100 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lint-nuler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f9e0e240b15ecbe934992f121b12fa84d736e4432e20346c7860941517acaf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...