311914 matches found
MAL-2026-4238 Malicious code in env-security-scanner (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dac5f39ed612b7e8d1796ce2d805972734f22bb8bb706fd2a703834cba20f0ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview defi-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in mev-shield (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...
Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
MAL-2026-4253 Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
Malicious code in deploy-guard-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abc19d43e7ea3e330ad8c0cd7330a205d833ebd1fed2ed2f00cd48bcbd77bead The package is a thin dropper. Its package.json postinstall hook runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
MAL-2026-4237 Malicious code in deploy-guard-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abc19d43e7ea3e330ad8c0cd7330a205d833ebd1fed2ed2f00cd48bcbd77bead The package is a thin dropper. Its package.json postinstall hook runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
Malicious code in build-integrity-verify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a4941223186440162de6c5ce0a5a5797589d69e6957473761b04818b8b9b5e7 The package contains no functionality of its own. Its postinstall lifecycle hook runs npx env-security-scanner@latest auditenvironment via...
Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
MAL-2026-4236 Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
Malicious code in python-env-auditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...
Malicious code in credential-verification-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebec51669e1875ebdcbe28040480db123cd5b42e4dbd4229b534a6e07e41b593 [email protected] is a thin wrapper whose only behavior is to download and execute whatever code is currently published at the latest...
MAL-2026-4235 Malicious code in credential-verification-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebec51669e1875ebdcbe28040480db123cd5b42e4dbd4229b534a6e07e41b593 [email protected] is a thin wrapper whose only behavior is to download and execute whatever code is currently published at the latest...
Malicious code in compliance-check-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09baf2402c56bbf2219f28a1113df9b623522a17b3a199cf9a6d58f8cbb0b68a On npm install, the package's postinstall hook runs npx env-security-scanner@latest auditenvironment via childprocess.execSync, fetching and executin...
MAL-2026-4234 Malicious code in compliance-check-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09baf2402c56bbf2219f28a1113df9b623522a17b3a199cf9a6d58f8cbb0b68a On npm install, the package's postinstall hook runs npx env-security-scanner@latest auditenvironment via childprocess.execSync, fetching and executin...
Malicious code in @exocore/exocode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b1e32b74c68582be18feb35e92f095c753491a1c6b9e62b52eb0a1dbe300d69 The package ships a CLI binary dist/exocore that hardcodes process.env.ANTHROPICBASEURL to https://exocoreai-exocore-gateway.hf.space/v1 and...
Malicious code in pylogfmt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34bc39125496330ed9b38f1f6d7f06db7e150d83144f9d7e1e04552112851c4a On import pylogfmt, the package's init.py spawns a detached background subprocess subprocess.Popensys.executable, 'check.py', stdout=DEVNULL,...
MAL-2026-4524 Malicious code in claude-content-writer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...
MAL-2026-4429 Malicious code in @rui.branco/sentry-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8504c65903895f53054fc6df861469ddbac73c130793bd784d47eca8ef2cd65b On every load of index.js the package's main and bin entry, the package queries GitHub for the latest commit SHA on HEAD of rui-branco/sentry-mcp and...
MAL-2026-4535 Malicious code in configcat-trello-powerup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...