3400 matches found
Malicious code in webpack-session-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0007695a788bff7d6d0a87ee48de6771c12a1e21241bd3fc0bc7b5509608533e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in nodemon-plint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c287effa0f498762ab73bfc0e4428b4d0afbc05435b1613459f9024d0b97927 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @cw-ui/micro-ui-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b558c8d90850ea9817e236b445ba2bc1020a35a81a099a5e1575ef705b00bd39 On npm install, postinstall.js reads the installer's hostname via os.hostname and sends it as a query parameter to a hardcoded bare-IP HTTP endpoint:...
MAL-2026-10568 Malicious code in sync-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37fba87304c3a7ede2f03b87c89b49a3fb9b7f201befbaf79312da2cce65abc4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10515 Malicious code in nodemon-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f5aa35dd34f3c1d075d6ebee3f25a0445780f6f2c78d55a958868e530fe315 nodemon-web copies the source of the popular nodemon package verbatim and reuses Remy Sharp's author metadata and the...
Malicious code in abuden213 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a014a046e0516c12f5b1d7dcebebc2451633c4987fd3c96aae43229501ede141 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sixseven7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 152671e097b964ad20f2d83c5b18c690ca4d5880023fb89941b6fed2d3752b75 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in abuden217 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42fce03517a0e7a241f99d0ce806a5bb90a4f70b083a2997c80868f3bc37d4b4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff19 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40ac0f814bee9916273883e5915c6f74bbf75f08022175b094d98f52a6e6f562 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden27 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a0037c8a17a959cd7829f438037488f38087100358afd79b87f485a6777e0d3 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff28 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4df9a99493e961f0831ee245a191e6cef695922e10bb31d0d26c4d386eb2c8a7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden29 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bea5d30b04399b967b11ec631f4c69261a378c4c2fb07d8dbcae101927596ea The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c566b19e3b2fffddf78ea97e8aadc31f0e931f1bf708653194acaab8521283c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0425e16f6f6a24f1e657ceb1c80a24330f655a496c9d1bb22a2de0cd41423f0a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden24 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb51631494082c47eae9693ef57def77cbb5e4ecef742b0e1cf5ac6f41b4573f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff17 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 072d84530e09f130a4d3ffb8f525b8bbcc0833f402ddfb66ebb39e9f85155a09 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff16 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 570cc848bb0e31176fc13945f1cfbd39b64a671de7e2d1913b6951513c0b21b8 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff30 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4a979285347756e69976ca9775cf22e923002ec93ede98adc0dccd7999ea087 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff26 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d6f3663bcc4d41d4ec7b7e07a43f82567efbbab2cfb098d7227f0f0803e7577 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ishowfeet17 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a7da1cae4bcc5f4805bed7bd781b9e27de67b2264f6ba7740c8730369c9405 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...