Malicious code in chai-midpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4deffa7a98fc055452391610a3ab832bace310cf34ecc058287f45cab02c656c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5169 Malicious code in chai-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e982bc5f531780656477d948f66ea8acd21d7a48da535ab8585599a21e6b358c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @osamdefeirrighs/testhackfrrferrr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc1c3467aded71e3ee2e4dbb16bac4d9257a03410188ea98624a09a4263825c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in shopifyto-cms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0fb4ee5fa3c58016b3fa60c91ff3a9b5f30d82cbf65b239a096ef850ccb475 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5106 Malicious code in chai-as-minted (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5116 Malicious code in @redhat-cloud-services/rbac-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in @redhat-cloud-services/frontend-components-testing (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in @redhat-cloud-services/frontend-components-remediations (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9032a522708cf49b925eaee77c313e16ee097040af91a2a9c86e16a957a183e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hardhat-evmchain (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in appkit-react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49e8fbd1c8061ffedb22f37a8fa90ca96d9830f45d7d318f421681c558aec29d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5047 Malicious code in @cplace-paw-fe/cf-training-extended (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c5db73fe2d964e3a417f9c13904b52af166bffa1edb36401e0dda939c281354 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in web3-config-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @timelycare/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20721d7408b28aa50209f0c6cd65b0e38f69b6979d13e6641d48b38a94dc9fd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5048 Malicious code in @cplace-project-planning-fe/cf-project-planning (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 092bbab646c6ffd8575fb87711545ad5052a18b9a78c3a70fccbecf8fbe5619a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in codex-devcontainer-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8248bf278df1e89da484099e912cdf9f8659976469a219bee14a03e2755391ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5066 Malicious code in ethers-hash (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d77270819f9736bb8e5eaba898605cbe713dfaf9b06c2ad539aa29f77651aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4797 Malicious code in int-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in xlsx-enhanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5196a5b8e1db8092bb735b33db7212278bd080b11315dab3eae15251655c22a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4799 Malicious code in pdf-lib-enhanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4da0334724e86909030ba354dab57e4c522c139a925d3ec06559541179c562e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...