114 matches found
Malicious code in @zimmo/last_search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbddb0ebcd12d13ef5eb1f2cb4e0e41f49b00808e4d23a15b5c22b7ecb23da4d The package's preinstall hook runs index.js on every npm install. The script collects host identity data — os.hostname, os.userInfo.username, dirname...
Malicious code in @matjp/dvi-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 285904d13f5d698c3c33461fe969265ca73c3041db80eabe5637c1ebd3f3ca9b The package @matjp/dvi-decode was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3334 Malicious code in fanduel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2d9b4e8ab1ef054d5774929963bc61b004f7914e48179850c51f77e67410a41 The package fanduel was found to contain malicious code. Source: ossf-package-analysis 49d980743cd761f6fb629d32e14864e720d1269e4208ec9e0f075c5e9f6eb4...
Malicious code in supertag (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8af13a06fb931a42d83e13b19fd998ff62e59ef3d56302bfe9d257e07e2bad46 The OpenSSF Package Analysis project identified 'supertag' @ 99.1.1 crates.io as malicious. It is considered malicious because: - The package...
MAL-2026-2857 Malicious code in @shoobx/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89c007db99335df1e518ef5f3fc4acc2c7d18c0ca6ba9496a93c6cd688e6ffb3 The package @shoobx/types was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in repo-typescript-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c009aa720ff70075b05dfa732a4d21fb40241c526d6615825dea97202843b252 The package repo-typescript-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in f0-service-address-doctor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fb126414f1575e7289915e4edd746dbac3d039a0a433f5069309acc281e7892 The package f0-service-address-doctor was found to contain malicious code. Source: ghsa-malware...
MAL-2026-770 Malicious code in xpack-per-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd02e72044e1a432dd520594d89d568cdd80feaef160f24160f04cc549662c08 The package xpack-per-user was found to contain malicious code. Source: ghsa-malware 1182af58fca66833bb4a361e986f5ba960d9e9ab320cd787464bda92246392fb...
MAL-2026-168 Malicious code in @zuora-marketing/linting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddcfd1151af868e694a4a79307ce1284331ad88b8ff631651f3fd2c47fbf342a The package @zuora-marketing/linting was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @crepo/crepo-url-query-mapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8556f30a48d0b1c957d0d66394801c28e6259503ed20f4cbf900102b962ee5f The package @crepo/crepo-url-query-mapper was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in spire.officejs-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d5bc6046960bccab3120bb794cc2c868fa2bb41e0d35028f39e2e9ca9033a80 The package spire.officejs-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-192944 Malicious code in backstage-plugin-glean (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824531546cd7527be37fc4aa5ca2020424a1ecf090eaba3a8974105871c0931f The package backstage-plugin-glean was found to contain malicious code. Source: ghsa-malware...
Malicious code in ido-sdk-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a541a76e308d33ea53424e63677093bd2347634a5f313f6bff9fd62a4fa83c9 The package ido-sdk-web was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in browser-client-neptune (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9ad0cf7ca8faf91e654dc6ceb89ca235f191edc099334e5d8cf1a070bfb128a The package browser-client-neptune was found to contain malicious code. Source: ghsa-malware...
Malicious code in airbnb-luxury-messaging (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ccc0b94a8795edd99efa6ea640102c705346c6270a7ac203911797eaa7e The package airbnb-luxury-messaging was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in airbnb-story-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ee587585b5d6ce7a559b01b7ca42796dcd026647cce38e2056a0893bd4c7429 The package airbnb-story-constants was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190520 Malicious code in node-calculator-4e41 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13eeb23685dac84d542d197d77303c42cf1157c465348c204b391edca71c782d The package node-calculator-4e41 was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190500 Malicious code in com.mixpanel.unity (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a617ed7539b6703818676ef051a6c12331b0e014026d1b56fb7d72775d7ad5a1 The package com.mixpanel.unity was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-49392 Malicious code in focusync-custom-controls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83979de8b383c0a28ec2fea476c2842bafabcb6e5abfe06e4253a9c1ab713234 The package focusync-custom-controls was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @odoreltd/osiris-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32a73b3fd49b5ad7e472425aec55d80718039bee3d41c8a3f9eb7d5fccfed450 The OpenSSF Package Analysis project identified '@odoreltd/osiris-api' @ 5.5.9 npm as malicious. It is considered malicious because: - The packa...