528 matches found
MAL-2026-10564 Malicious code in micro-ui-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...
Malicious code in tipsen-last (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8dda277dd82e1c50906cff18341bb76485eed33ba42d39b228c447514e4081f package.json declares its only runtime dependency "safe-chain-test" as a direct tarball URL on hoped-twice-evaluation-site.trycloudflare.com — an...
Malicious code in acidic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in abuden229 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 348ad89821b1ea36a325bc8f2e570b3a74e3a6238381106746bc31146c743fec The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-10282 Malicious code in acidic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in sixseven6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fce7a5f40c9f40116627ed8a771d60c34786bc52648e39e0741fe392ed0120b The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in wsh4_npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b6c0b02642cf1c4c0fe420fd03c0c129c21a544144878df4833373da1b98aab On npm install, the package's postinstall hook scripts.postinstall: node index.js auto-executes index.js, which builds a payload containing the...
Malicious code in hook-augmenting-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fbb17d535ecc8b30b2ab54a487691ec2e427f9dbc3c0e20acad414bb25f3203 Analysis of this package version produced no static or behavioral findings indicating installer-side harm. No exfiltration, install-time code fetch,...
MAL-2026-6896 Malicious code in ts-eslinter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56fe794783cf855aba4980f7186b85866fd3048cbb97803fe8c575192cb30d44 Package name resembles common ESLint/TypeScript tooling and the main entry index.js contains base64 decoding via Buffer.from...,...
MAL-2026-6865 Malicious code in polymarket-onchain-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73556a574d8ee416a5440f889b73cafff3b464650d6b2b2caf4001ce15086f6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6818 Malicious code in env-axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d885afbe55405d7c329ba1537aae51888c8aa9145f34ab7fdca23ca0abc0a11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6676 Malicious code in terminal-prettier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c7e821d2559361693f75e32b42a5e7a0eef5d99c723d0e35b06f12fd91e9600 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @gallup/pc-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eca755b4cbe794ce9b1389cff974fb13df6325eeb2eb658ca64a7bb7ee734b8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ai-node-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dcf100385d43e4bb2e48489a99d1fc2d4f919953963fa0339966bd5270f61b3 All published JavaScript in dist/ index.js, client.js, server.js, react.js, and sibling chunks is heavily obfuscated using javascript-obfuscator...
Malicious code in normalize-plus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...
MAL-2026-6328 Malicious code in @muaththir/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...
MAL-2026-6112 Malicious code in data-utils-d703 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e172168e5ac500d10ae42718a87676ad44a589b31dbeb5f902ea7fb1c4e6a984 The package declares a postinstall lifecycle hook "postinstall": "node run.js" in package.json that executes run.js automatically on install. run.js...
Malicious code in @visma-net-platform/module-navigator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d9c86b2942a6a62e08900c1c60743e4cec865cc0a439db8d8e6a0509d187b6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5505 Malicious code in anaylze-json (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a24ff6c7af790535067ae83e9bba9a3b741da26221ac8738911ed6a8fc0aa24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5500 Malicious code in csc154-internall-depend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 468d4fe797c3be3e29ea6da37c1b04112162bd349f7aea270cdbc4ba929d945d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...