82533 matches found
Malicious code in coral-wraith (npm)
Source: ossf-package-analysis f10fa9dc8c51419efaef960da0e4bed5e80346be9279a40d610d695a8571f6b7 The OpenSSF Package Analysis project identified 'coral-wraith' @ 6.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in trongap (PyPI)
Source: kam193 2553656bd35d7c309dad6694d67fed7f3b09788cab260bf3eb5fbce84d0149c4 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
MAL-2026-5680 Malicious code in bittensor-burn-message (PyPI)
Source: kam193 9f944487719b66d8096157672796e641c5d1417d5ab6f9ec40c22da781727c1b The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...
Malicious code in internallib_v557 (npm)
Source: amazon-inspector 5cfa498f80e5965de3c072803c8d6e812e75bc5a4fb031f739cbd9c181724be3 internallib_v557 has no legitimate functionality — its single exported command function in index.js writes a malicious package.json to...
MAL-2026-5679 Malicious code in pylogxo (PyPI)
Source: kam193 7ccb3e3a1ccde821415d6be9c25d123cc1ebedea4ca6dd40d77fc24e01cd0aaa During import, the package downloads and executes remote code being an infostealer. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-5677 Malicious code in worker-build (npm)
Source: ossf-package-analysis b5005e4bec545b403f3be10160a08d634d34b5d8ab8e76a185a4a5ba34706719 The OpenSSF Package Analysis project identified 'worker-build' @ 9.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in @iobeya/spa-auth (npm)
Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5653 Malicious code in pc-optimizer (npm)
Source: amazon-inspector f046d16052b9121c55f2fd5e6eb2be90ce24e7b007efca3c2a9e7f64dab8f6bf The package's collect.js imports child_process, fs, http, https, and os, reads host identifiers via os.hostname and os.homedir, inspects local...
Malicious code in @tt-aem-tt4a/shared-components (npm)
Source: ossf-package-analysis 817c1920ad6f83b25d8fd32b77999376a6ad3b5448e93e7b0b66cce72ec4dac0 The OpenSSF Package Analysis project identified '@tt-aem-tt4a/shared-components' @ 10.0.0 npm as malicious. It is considered malicious because: ...
MAL-2026-5639 Malicious code in @tt-aem-tt4a/shared-components (npm)
Source: ossf-package-analysis 817c1920ad6f83b25d8fd32b77999376a6ad3b5448e93e7b0b66cce72ec4dac0 The OpenSSF Package Analysis project identified '@tt-aem-tt4a/shared-components' @ 10.0.0 npm as malicious. It is considered malicious because: ...
MAL-2026-5622 Malicious code in @whatnot-web/www-legacy (npm)
Source: amazon-inspector 3fe99986935f0b2d200c3192dfc07fc1b6da96c78ac8a4f0a67aa23771e82709 @whatnot-web/[email protected] is a dependency-confusion shell targeting the Whatnot org scope. The package ships an empty library index.js exports ,...
Malicious code in @whatnot-web/www-legacy (npm)
Source: amazon-inspector 3fe99986935f0b2d200c3192dfc07fc1b6da96c78ac8a4f0a67aa23771e82709 @whatnot-web/[email protected] is a dependency-confusion shell targeting the Whatnot org scope. The package ships an empty library index.js exports ,...
Malicious code in edu-npm-dependency-chain-demo (npm)
Source: ossf-package-analysis 5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139 The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 npm as malicious. It is considered malicious because: -...
Malicious code in edu-npm-postinstall-demo2 (npm)
Source: ossf-package-analysis fb14831b7d92cfc67e25e029a80fd7a2fb855e68863a0f08f71e8d5fe41fe7ea The OpenSSF Package Analysis project identified 'edu-npm-postinstall-demo2' @ 1.0.3 npm as malicious. It is considered malicious because: - The...
MAL-2026-5624 Malicious code in edu-npm-postinstall-demo2 (npm)
Source: ossf-package-analysis fb14831b7d92cfc67e25e029a80fd7a2fb855e68863a0f08f71e8d5fe41fe7ea The OpenSSF Package Analysis project identified 'edu-npm-postinstall-demo2' @ 1.0.3 npm as malicious. It is considered malicious because: - The...
Malicious code in tailwind-animator-scroll (npm)
Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...
Malicious code in tailwind-typography-plus (npm)
Source: amazon-inspector 29345b97ddc8c5fe985d1a69d53db15e4126052929267a584b463e94f43b0bc3 [email protected] impersonates the legitimate @tailwindcss/typography Tailwind CSS plugin confusable name, copied plugin export shape,...
MAL-2026-5619 Malicious code in tailwind-typography-plus (npm)
Source: amazon-inspector 29345b97ddc8c5fe985d1a69d53db15e4126052929267a584b463e94f43b0bc3 [email protected] impersonates the legitimate @tailwindcss/typography Tailwind CSS plugin confusable name, copied plugin export shape,...
MAL-2026-5614 Malicious code in janus-erc20 (npm)
Source: amazon-inspector 728f3d5af5a999be016a49283fff2c5cedc0c5df445d2f078f1f9817dde22334 On npm install, postinstall.js harvests installer secrets and POSTs them to 193.203.169.109:8443/c/janus-erc20 over HTTPS with TLS verification...
Malicious code in datetime-toolkit (npm)
Source: amazon-inspector 0dc38777296d43cff21c9e56d16208c8925c6dc25b5dec4227823da94096433d The package presents itself as a lightweight datetime utility but its main entry datetime.js invokes collect from ./index.js at top level, so any...