Lucene search
K

3395 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in ishowfeet3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc732922556c087a288d536adf6ef6bf7d643946239cd9563e0a9bc9b6960205 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in backupsitetuff3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e8a9cdadf95e8850030fa5609c47ad2873664ce1001973cd8edf34176d4a779 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ratelimitsucks2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d35482838ac389f7af960c113776867c9c5a83b1995ad7ece20fd26b71918ce The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e63dd12f3157bb49fe3951bfb356c83b4b7349eed5947af87b09c40c868382 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in timmytuffknuckles6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22ef6fa6c2b9f80d6a1f79e532a9d9ea083a1c662bc834d118879ba630842b0c This package is not a Node.js library. package.json declares "main": "sw.js", a Service Worker that calls importScripts'./8cfc2/hgshm.js' — an API th...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in bismillahitidakimas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbdeeb9f66b286397502ebf5d67dacf17f4cc4f58917fa9d201d799bb99c3e2c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in whatsadmaidk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 604f59cbac58a8e35ba82016c72efe0c02226eec9273e96ee9215dd72cbe0392 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in pasirianspirit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60cd922693da1d756dfc573575c5f9630b509a4746aeccedd588426a170d0a18 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in captainindia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 733cf02dcdf94f8882c708ffcafec943cc986ee2909b6c6800ee9e34c8b8fccb The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday2 views

MAL-2026-10334 Malicious code in midnightrush (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94313bf7eca9c82a6e6e6d8f3a7230fcdf936da5ff66069639e1957b4a8d2fe3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday2 views

MAL-2026-10305 Malicious code in ilovefemboys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdc298baaa7b820adecfa54fb1190c2feea422da1a03ec48b14d55b996d6cc6e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in node-sysmetrics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e624a951ebd9352b2b8d47bf80d418a01674640ec2d2b2592f00bb446f110c68 On npm install, install.js executes as a postinstall script and drops a detached background Node process at /tmp/.sysm-agent.js that persists after...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in eslint-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8908ac72050dded53e2e163c528a446b7a4fd7a37a4874e14f95b08265f043c4 The package presents itself as an ESLint-inside-Jest runner but the documented linkProject/lintFiles/createJestRunner API is not implemented. The...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in execfences (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974c5744c98a462c30d6c8dd3ca078461dc172244203e85d5290fa05660d2d1c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in chain-api-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cc73eb727778c3a543bdef1f6993d4c8be38da047fc97b7a0614bd195590249 chain-api-sdk presents itself as the upstream multichain-crypto-wallet library: README, badges, package.json repository.url, and homepage all point t...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in promo-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a88c879a569b51180b134bd442917610efba2cfc54aa980cb3ec3b4731e84c No concrete evidence of installer-side harm was identified for this package version. There are no indicators of credential theft, environment scrapin...

6.2AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in rony-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be1a5728b472335e46d1df74becaf6355424f1f32d068bb517c079d88cacc03c The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo.username, hostname...

5.9AI score
Exploits0References2
OSV
OSV
added 6 days ago6 views

MAL-2026-6962 Malicious code in gas-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36241e999d92bad738082bf420fc144391735f9f3707bc4baa0153b4cb0eec8a gas-log impersonates the legitimate eth-gas-reporter package: it reuses that project's README, keywords, badges, and CHANGELOG, and the README even...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added last week11 views

Malicious code in whs4_npm_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68d797ee3c8111cffee8603aa24625cb71a7f958438e33207b33376b260acc59 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added last week8 views

Malicious code in shopify-internel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...

6.1AI score
Exploits0References2
Rows per page
Query Builder