280 matches found
Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e3fd453d8d4b3cf403d6d1445b295c8de0462a463c857388fb6c800c7c897cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ecto-nightly-spirit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...
Malicious code in react-photo-views (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...
MAL-2026-5369 Malicious code in @doaction/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f96ec00bc5ed7192c8483a1b27f2212ce64e5a86f1dc309b66d14ea969de00fb @doaction/[email protected] is shaped as a public-registry shadow of a private internal package: scoped name pattern, inflated 99.99.99 version, and a...
MAL-2026-5371 Malicious code in @doaction/example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5632bd1a9818c4a4af54e5297d40c10279d83e702ee5f59fa9bd50c52a33e0bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5111 Malicious code in @redhat-cloud-services/chrome (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in foundry-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3739 Malicious code in viem-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3d1feda8a13ce43d926de9052753f882f9f51f8afa6572c92bb4a5d3ca9412e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3443 Malicious code in @squawk/flight-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0595c498e25ed96bb0a13cf8ce777df0977f4c1580aadfddfcb0eaf1ae3d7915 The package @squawk/flight-math was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3275 Malicious code in @kills_sh/bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e7f5c26dc70e3f5d44e3fc5b4b94fba66089cf8d0d718fc48c4f85aada6f830 The package @killssh/bootstrap was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3209 Malicious code in apple-internal-security-library-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2656 Malicious code in tailwind-stylecss-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f774188361889c2e95f246317a2fece3219b9d9952ff3645e4d108bc525c5 The package tailwind-stylecss-typography was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2631 Malicious code in babel-plugin-blocks (npm)
Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...
MAL-2026-2098 Malicious code in sd-basket-highlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-1971 Malicious code in trex-proxy-browser-extension-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1964 Malicious code in pretty-loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ac086b231c77fe68e31ce08ba212f70807936ae95b86d5af7fce505d9e20118 The package pretty-loggers was found to contain malicious code. Source: ghsa-malware 0218f0b3be8b1ccf4ed897adca433d157feeee1163f03cf8ed2e0b435ad90e8e...
Malicious code in bluelite-bot-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d02181290fe37f11e082818a15c1f6baa4d8479279412a74ec4b440ec14dafc7 The package bluelite-bot-manager was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1185 Malicious code in @bookings.microsoft.com/s (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa10e8f4ab4580d4d9aedaee9a9e0c036b3248364f0680727df6871025d7e2f9 The package @bookings.microsoft.com/s was found to contain malicious code. Source: ghsa-malware...
MAL-2026-833 Malicious code in express-configer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e492b9087ab21198777e586b9d21eade1fe2948bb67f1ab484c7274056861276 The package express-configer was found to contain malicious code. Source: ghsa-malware 8484436a0b43b94054c0fa7ceb955362a6557d9bef3019e2fae2e51e42ff1f...
MAL-2026-679 Malicious code in epic-admin-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53764f149897a5c5d4373d2f217da3994123f2664db8150cfcf37b474ee632db The package epic-admin-ui was found to contain malicious code. Source: ghsa-malware 34cc1c893e75c3b3e5849e74fed6d7f75ce784c9e933d878d93e773fae313305...