3446 matches found
MAL-2026-1529 Malicious code in require-in-package (npm)
The package 'require-in-package' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1563 Malicious code in transform-es2015-shorthand-properties (npm)
The package 'transform-es2015-shorthand-properties' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
MAL-2026-1399 Malicious code in pino-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472c700cdf139a1d7d1df4de30c13fcc5b6a3dcbf684324d9b7e9b3b9c43cc52 The package pino-sdk was found to contain malicious code. Source: ghsa-malware f682f709d89d5225b0a58afb163385a649ad8f5be7e56f7811bd30876fd7bd3b Any...
MAL-2026-1400 Malicious code in solana-pumpfun-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25b5c167c097f41d490f55b16ad2263c163b7afb898528dafb13a74f513b9181 The package solana-pumpfun-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in cortana-md-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 686dc6172d061151a94189d41cd564a6127d00f10af75880962a357301ec135e The package cortana-md-bot was found to contain malicious code. Source: ghsa-malware a712b3a56136d272ebf1a688ff9ea1cc572023730622963df1e6e82389177d28...
MAL-2026-1344 Malicious code in bignum-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7424fa86053a143f5eae6585268b643e7b473544dfb04279e159857d32ee3565 The package bignum-ts was found to contain malicious code. Source: ghsa-malware 91982cc34a885d97932c4e298eae656831e28ca39aa3b19ac261f368647056d3 Any...
MAL-2026-1343 Malicious code in chai-as-flex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...
Malicious code in tailwindcss-animate-framer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1333 Malicious code in polygon-gamma-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe3f588073fea9d33a70fcdffbe2466af2886a8bf5227c8e3256235aca46899 The package polygon-gamma-api was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1331 Malicious code in llm-oracle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98fdc3b2f8d6e1b4bb0e26b6f7f12227b5759900fb7c859b6b13093b1a159bf9 The package llm-oracle was found to contain malicious code. Source: ghsa-malware 94a20da2ad0a043d47545889257036cffa168646e3083c39007db16c692dc419 Any...
Malicious code in iron-signals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 015416030a87f010b10b6babdffd64778563cfccdc5ad2fa610f456be6314658 The package iron-signals was found to contain malicious code. Source: ghsa-malware 2845ee24242fc511c6b3d7ad1fe8ed0ab3feb42f943edae6255d0a72f2b88460 A...
MAL-2026-1313 Malicious code in iron-pages (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0828e4b92294651d9b815203d5e2e7cbe45cce351dfa340bb6a79481a4a0cd The package iron-pages was found to contain malicious code. Source: ghsa-malware ec5456f01c9dadf3a140d1cd4974007405b2fdf1a9f1639c264a194555229ec4 Any...
MAL-2026-1310 Malicious code in iron-media-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...
Malicious code in jsonify-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8aa1030a7553e5aa40c2770df5c5945ccce7110fbe89a5931b7003453aa08d The package jsonify-core was found to contain malicious code. Source: ghsa-malware 15401bad013f01305211dd3ab1307a4ac9383ef3846645fd154ab648ce77e956 A...
Malicious code in tw-modern-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5263f4880e1caf988c78cea312bf9087935eadf7367438ca98023d0b03a5ab12 The package tw-modern-ui was found to contain malicious code. Source: ghsa-malware 739792de3e777b4dcdf28cf380425a6e0e3082c65f5f72ff73d4ae60ed685d98 A...
MAL-2026-1266 Malicious code in @shenira/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3952357e13678bb1abb18600854c622a3c5596cff93e8cc3ba309a6f51fccb1f The package @shenira/baileys was found to contain malicious code. Source: ghsa-malware a2914e7416552719c1008f077553702efc5d7710bc760aa34eeaeede86535b...
MAL-2026-1274 Malicious code in test-mal-npm-pkg-not-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 803f42bec3cf0ba231262e882d9fb5def7e78c005b10e0c32edf60aecad5d9bf The package test-mal-npm-pkg-not-local was found to contain malicious code. Source: ghsa-malware...
Malicious code in @imhuman/fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21f635d2d8fbbcc0d1422e1b08e8b71b8efd04e68216dc4eb8ffaec0208f967 The package @imhuman/fw-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in imhuman-fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04a81e9c61dcf38b54d4e0ad070050a4817a509858f0f56725074b54c24288a1 The package imhuman-fw-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-lib-feedback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 331d2742dee8271e5d493e475aab23ee3f05adc5e02888d87127d189883cc50c The package pear-apps-lib-feedback was found to contain malicious code. Source: ghsa-malware...