309 matches found
Malicious code in testdonotredeemit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in backup5-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fbc0dc5fea4212458853e895b9b9df474401727a4768f47e3016a8c871fd5c7 The package tarball contains multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote,...
Malicious code in load-nuxt-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0f879297070c07197ace88cfb411c61d497ad150e39c2c5c91349737f5d83a The package name resembles the legitimate Nuxt ecosystem tooling e.g., @nuxt/load-nuxt, and the version 99.0.3 is a common dependency-confusion /...
MAL-2026-6900 Malicious code in txs-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74154a8e4e769872929446eb17b4dc59a1b491508c7bd05e55d1cdb232ecf2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in pino-zod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ceffaf94fc190f70c18587857f2f0a674a9699512eec79f5cf738eefaa54ca Package advertises itself as a pino+zod logging helper but ships content that does not match that purpose: a dist/discordRelayUpload.js module...
MAL-2026-6411 Malicious code in data-fetching-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913d882d66d587abb1d6fe92b8b6d7353c1b4ae79fb175cc3f10b606dd5f8457 Package self-identifies in its package.json description as a bug-bounty dependency-confusion proof-of-concept against an internal package name of the...
MAL-2026-6052 Malicious code in @mastra/github-signals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e263abbd9ed9975f3f8aaecfd1a780616bc3aef00238ed9ba9075b5bf4e38f37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/sentry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08da35ae5d7bc21a7de70c2ed41f52a7a399a58fc26577835f8577fd0053136d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5947 Malicious code in @mastra/evals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9bc49e06e746f572e3d99fcd89abf22d51e094de6629cb9cce1988e2d3e08c4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5625 Malicious code in clsx-tailwind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...
MAL-2026-5369 Malicious code in @doaction/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a625267416db212dbcffcba51a6ac48bd779ccd3760b7ef8f59e6b4905df44e5 package.json declares "preinstall": "node scripts/postinstall.js", which requires '@doaction/shared/bin/postinstall.js'. The package's stated purpose...
Malicious code in gcp-api-enabler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a14212abcc7c3f9f662ffcc18752c5fa10f94d07ef3b7c820637eea7d02c3ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in explorhub-claude-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5888ca1c6b220e4722ac7efe59117b3166ac06da038871ddd7bf9e1538e54bbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4191 Malicious code in iv-bloomfilter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7f2a3b58036e1174efe383ee906172b07f9ddc3410d913e51b4e614f9ff09ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dowload_ebok_los_enemigos_del_comercio_by_antonio_escohotado_6t2l4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ecb449c7c0f418834fbc3e22c6d061ef50d4d6bdbb1e40d19fb85023be2be5f The package dowloadeboklosenemigosdelcomerciobyantonioescohotado6t2l4 was found to contain malicious code. Source: ghsa-malware...
Malicious code in @uipath/widget.sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e72fd5223273f42c47db6b5b8217e2cdce8589d9cf9545621606c249facc6ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3440 Malicious code in @squawk/airways (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a54989a6191f1d94771608b8f3552bda56715631b5a25aa301da35cd1ccd869b The package @squawk/airways was found to contain malicious code. Source: ghsa-malware d2d4644fde6979be241ba839c52ea3532ef3b0b25355b239ade4e1dafd9e272...
MAL-2026-3435 Malicious code in @squawk/airport-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a12035131eafd29a07572751653f857706ac1b113fcbd498a70f54d96d5276cc The package @squawk/airport-data was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3475 Malicious code in @tanstack/router-devtools-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3277 Malicious code in edj-shopify-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0e23978c8bb0369f485f8c3e2384f10d9e649d13a3c198475ace4184c3757a5 The package edj-shopify-theme was found to contain malicious code. Source: ghsa-malware...