511 matches found
Malicious code in sbx-mask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 199f83840bd0dfd9d9e7295134e439e8adec273f9be8477d0ff68b6ec8c491d1 The package sbx-mask was found to contain malicious code. Source: ghsa-malware d04d541813f3f1e2bd2d1c509c5ea3463d64caf433617ab3398e118171f2cc65 Any...
MAL-2026-2101 Malicious code in sidebar-basket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd1b121a57bf0b4d96e4f902f6d051ff5b485ab7fc412f8940ce2c294ddb660 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2046 Malicious code in @emilgroup/document-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a0db55538f4afebec1f08f4cff1689eb866b7d256eeeabebcd2c52862ec3fe7 The package @emilgroup/document-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2072 Malicious code in react-leaflet-heatmap-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2352243757a42dafc23c429819f6693b8f9a56799589414bbb527f35b1f7ed35 The package react-leaflet-heatmap-layer was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1944 Malicious code in couplus-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0c78a6293dc26a858801e92b94142c0fb6ab09c558b39900095be8a8aef9a52 The package couplus-cli was found to contain malicious code. Source: ghsa-malware 469c68fc4282e268dbe121670070e4a148ec18adaad72317ca06de47eed59217 An...
MAL-2026-1463 Malicious code in polymarket-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6c5cc93272b23bb8876a4c2f2ce61ec7887bdeb6b89846a0c385022a156c6ca The package polymarket-validator was found to contain malicious code. Source: ghsa-malware...
Malicious code in transform-es2015-shorthand-properties (npm)
The package 'transform-es2015-shorthand-properties' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
Malicious code in es6-recommended (npm)
The package 'es6-recommended' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-es2015-spread (npm)
The package 'transform-es2015-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in cortana-md-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 686dc6172d061151a94189d41cd564a6127d00f10af75880962a357301ec135e The package cortana-md-bot was found to contain malicious code. Source: ghsa-malware a712b3a56136d272ebf1a688ff9ea1cc572023730622963df1e6e82389177d28...
Malicious code in iron-signals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 015416030a87f010b10b6babdffd64778563cfccdc5ad2fa610f456be6314658 The package iron-signals was found to contain malicious code. Source: ghsa-malware 2845ee24242fc511c6b3d7ad1fe8ed0ab3feb42f943edae6255d0a72f2b88460 A...
Malicious code in jsonify-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8aa1030a7553e5aa40c2770df5c5945ccce7110fbe89a5931b7003453aa08d The package jsonify-core was found to contain malicious code. Source: ghsa-malware 15401bad013f01305211dd3ab1307a4ac9383ef3846645fd154ab648ce77e956 A...
MAL-2026-1194 Malicious code in cmc-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7378c3fbef6f6a80690e0834d8bb1b459165cc9b55bc4d2ac2dcc0c1a574983a The package cmc-client was found to contain malicious code. Source: ghsa-malware 5986e6b65452c046e565efac71b9b6ce753244cfb1c7f2d7ce11751a5f827f69 Any...
Malicious code in selfbot-lofy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef24f8180f463b198ff4fea466684c4439a31102aead233f8faa51b587ac0bb9 The package selfbot-lofy was found to contain malicious code. Source: ghsa-malware 1af8492fa4885fa5b969d5ef3947595dffa2f959bb4e1de73b9ca504dec215a8 A...
Malicious code in @powpegtest/powpeg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0acf5c813243b7a0b83c02048de4112604eb9ad97d612f3822206a0cfbf174ad The package @powpegtest/powpeg was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1171 Malicious code in @snazaah/davey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0f71f42be87797ef9a1316bba8adb9bdef08cc765a42d1b707487f790846af The package @snazaah/davey was found to contain malicious code. Source: ghsa-malware 1e647d7cf3afc1b7a160585b664e75a2515b6b9e00925bdbc30e20625731d490...
MAL-2026-1150 Malicious code in libsignal-yazxz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91d9a354d77eada4afacd4c7b884cd9b3c9487007f544b4de3068e3c3348b593 The package libsignal-yazxz was found to contain malicious code. Source: ghsa-malware 04f7491f3c5360ba3b0ea3989fbc6fabe1d113734b5f7824bbe6fe274d830f8...
Malicious code in socket-dgxeon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b1cdce1957669bd7cca7bb7c90b018a87fad6ed9ea49b4874f127272f0c00d The package socket-dgxeon was found to contain malicious code. Source: ghsa-malware 0f36366d3dd38134f3c8176992483c8c67f2e502ca9b774a4ea5a3fc2d428efc...
MAL-2026-1034 Malicious code in chai-lite-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07f2fa37570e8cdb391a3cddfb304c274e9726e3803b150b309816e971577bec The package chai-lite-lib was found to contain malicious code. Source: ghsa-malware c9a6f02ff3187727ac481d692d98a5614c02e6ca28616d6a9d48e7505e63656e...
MAL-2026-1011 Malicious code in node-argon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a249253a8bb08b645efdf877fb82287c002a57b8170e4977ac7344831d08ae83 The package node-argon was found to contain malicious code. Source: ghsa-malware 67f9534d5ccdcd0354d6b224d85adad29d2c686924ced68999d9d4dfd99ccd34 Any...