MAL-2026-5716 Malicious code in beamz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c380f1f0fc3c5cf723cd7d92bf41c30f622aafaa633a32f0a78bf91a3a769d2a The package advertises itself as a credential-transfer CLI but implements transfer by reading the user's Anthropic Claude Code credentials...

MAL-2026-5706 Malicious code in theta-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09b0737ff5b0b0768e2314b014529b80609632a38dfdc3a9ad6cfd6ab1da9039 package.json declares postinstall: node dist/index.js, and dist/index.js executes Model.resetor at module top level — meaning both npm install...

Malicious code in transportator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f40d878023c5462d17916a03d22d7c2e9e1573ab590f50532aa2e620e7a5a13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in chai-web3-testkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...

MAL-2026-5700 Malicious code in transportator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f40d878023c5462d17916a03d22d7c2e9e1573ab590f50532aa2e620e7a5a13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5701 Malicious code in vite-react-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 879905a93676f42398cca583eb921d5ee04a7c84068d7aa0123a7cefdf26d995 On import/require of vite-react-toolkit, src/features/extras/config.js reached via the package main → createConfig.js → features/plugins.js side-effe...

Malicious code in web-model-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893 On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

MAL-2026-5687 Malicious code in ecto-flag-read-m7p2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47c876fa0bc683b97fe06619068fb4b205e5813e95917d8cd6d9df7a732b1499 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ecto-corsair-flag-x9m4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd1e74d04f91a92c7c0205e252bc0002095d0c1ce9b9e9390083d267422e8b10 On npm install, postinstall.js executes attacker logic gated by hostname and working-directory checks designed to fire only inside CTF-style containe...

Malicious code in ecto-spirit-win-k4n8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bca2b14b2c93ed832aa83a138c20bc53b4e053cf282ef5878333b1f50b803e55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ecto-spectral-leak-8d4e2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...

Malicious code in ecto-nightly-spirit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...

MAL-2026-5691 Malicious code in ecto-spirit-win-k4n8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bca2b14b2c93ed832aa83a138c20bc53b4e053cf282ef5878333b1f50b803e55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ecto-flag-read-m7p2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47c876fa0bc683b97fe06619068fb4b205e5813e95917d8cd6d9df7a732b1499 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5688 Malicious code in ecto-nightly-spirit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...

MAL-2026-5689 Malicious code in ecto-rust-read-f3a9c1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e73d10b993d9601d0dfe78d143a550ed008b8233beb8b88b7443208e4d0fa89d On install, postinstall.js evaluates a targeting heuristic isRealTarget that fires only when the build environment looks like a real corporate...

Malicious Package

Overview ecto-spectral-leak-8d4e2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview ecto-win-flag-q2m7 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-5686 Malicious code in ecto-corsair-flag-x9m4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd1e74d04f91a92c7c0205e252bc0002095d0c1ce9b9e9390083d267422e8b10 On npm install, postinstall.js executes attacker logic gated by hostname and working-directory checks designed to fire only inside CTF-style containe...

MAL-2026-5682 Malicious code in coral-wraith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0e5e4aa66ffeb1481fd587c96f596a227c9388b86b3a3443749b5ec9eb09f1 The package's postinstall.js runs at install time and performs a credential-harvest + host-tampering chain against the installer. It enumerates npm...