MAL-2026-5097 Malicious code in cms-storehub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cms-storehub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5090 Malicious code in neuralforge-ml (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0a68c3ef2f7680eab753f62cc1792ae7df68bb15400e09971cc9c34a444307b The package contains stub code only imitating real actions. Starting with version 0.9.9, the code contains exfiltration capability activated under specific...

Malicious code in crypto-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbb379240ef7e43770f6dab576919fa97bd23ffbb8d3e39b31fd656649335fd7 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

Malicious code in cryptolock (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0140fddafadce54debaca7d9591e2770acd987aaf90ec7008b4ae4cf301c233 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-5089 Malicious code in cryptolock (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0140fddafadce54debaca7d9591e2770acd987aaf90ec7008b4ae4cf301c233 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

Malicious Package

Overview @cloudplatform-single-spa/dataplatform-metastore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9032a522708cf49b925eaee77c313e16ee097040af91a2a9c86e16a957a183e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5077 Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abb5e0ca28fe73f218eea4bcbf584520cc1618dbc617326c9036f4de5b9a85c9 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...

Malicious code in midoss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73bce73a188c2742f2c66ec85906c0bea50468d8c606fd6d38d4ea5698119007 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5073 Malicious code in midoss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73bce73a188c2742f2c66ec85906c0bea50468d8c606fd6d38d4ea5698119007 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5063 Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in chai-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5110f40393583ef41ebcfa3558d782310a40a78227a040480d871c25311b79ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hardhat-evmchain (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5072 Malicious code in hardhat-evmchain (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5057 Malicious code in appkit-react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49e8fbd1c8061ffedb22f37a8fa90ca96d9830f45d7d318f421681c558aec29d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in appkit-react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49e8fbd1c8061ffedb22f37a8fa90ca96d9830f45d7d318f421681c558aec29d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @rsi-community/hub-schema is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview viem-multichain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...