MAL-2026-4860 Malicious code in @qlab/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7872b498f71081087798b86ec67dd7fc33ab268d9b36de04b7d5d2b2698205 package.json declares scripts.preinstall: node index.js, causing index.js to run automatically during npm install. index.js collects os.hostname,...

MAL-2026-5027 Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

Malicious code in @service-suppliers/set_suppliers_loading_stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52d21512cf72b6b9822978fa95b217f0412f0d8ec55e5667addf4a486ad0965b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/set_suppliers_loading_start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b90557d314c93e20a5e2c0e307eb25f28e9e17cb31c630a6ae64b1ce8fc8013 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-user-notifications/reset_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d12701905c6e59f7189850ce7624f64dfcf3201ff6505294ff2030f1f9e147a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/set_country_list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f579bcefb3ec1dc8c936abcfabad40d3d8c10e857abb59a18c74d22868b8eaac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/set_suppliers_data (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0469f2493e0faa6db2b4dd70c85c58062f538457a60d4d4b77b44c861f665665 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4852 Malicious code in @service-suppliers/set_initial_loaded (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @service-suppliers/setsuppliersdata is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

Malicious code in @service-suppliers/set_selected_supplier_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7dd674623e86de8efd6f88b138b7e387d1b96e80c48d9a6e8ab81e0189fcf990 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/reset_country_list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5e6ef79773321419089b562c7d3d0a2dc262c6f2e3337df06d953ac9b2a45a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4854 Malicious code in @service-suppliers/set_suppliers_data (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0469f2493e0faa6db2b4dd70c85c58062f538457a60d4d4b77b44c861f665665 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4851 Malicious code in @service-suppliers/set_country_list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f579bcefb3ec1dc8c936abcfabad40d3d8c10e857abb59a18c74d22868b8eaac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4853 Malicious code in @service-suppliers/set_selected_supplier_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7dd674623e86de8efd6f88b138b7e387d1b96e80c48d9a6e8ab81e0189fcf990 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4850 Malicious code in @service-suppliers/reset_country_list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5e6ef79773321419089b562c7d3d0a2dc262c6f2e3337df06d953ac9b2a45a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4858 Malicious code in @service-user-notifications/set_refresh_interval (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b13124f8eaabc2481894f69a70d43e10c28911bd5e2ef7e23716ae26b1113f5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4857 Malicious code in @service-user-notifications/reset_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d12701905c6e59f7189850ce7624f64dfcf3201ff6505294ff2030f1f9e147a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4856 Malicious code in @service-suppliers/set_suppliers_loading_stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52d21512cf72b6b9822978fa95b217f0412f0d8ec55e5667addf4a486ad0965b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/fetch-suppliers-watcher-saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74317c1ce2d301970954a3b87d59143188bf88c4f822ea2eba15c88db25cd5f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @polka-ui/configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebba90c019747402643a8d0056cd96101fe56feb8e9a4e14eb86cac2274def82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...