284 matches found
Malicious code in whs4_npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47695d571fe82fbb4402e8cc7f56c05e1cb21d0bc8089ccbd8fca32f8cf5a57c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @content-editor/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @anna-money/anna-web-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51ad1206f707247b245f3a828c780fbe27239f1fa15c8a90782617144669af5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-ecro-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86149b041033a917b3b743b9381a14368e79015385b27b89429cf7f6a35d0d30 No suspicious behaviors were identified in this package version. There are no lifecycle hook hazards, no outbound network calls to attacker-controlle...
Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ba29e7c4e2320b4f5852c18ded92c92021cfbc47d5bf8146b1a93ffa58260c7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in ecto-nightly-spirit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...
Malicious code in react-photo-views (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...
MAL-2026-5371 Malicious code in @doaction/example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5632bd1a9818c4a4af54e5297d40c10279d83e702ee5f59fa9bd50c52a33e0bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5369 Malicious code in @doaction/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f96ec00bc5ed7192c8483a1b27f2212ce64e5a86f1dc309b66d14ea969de00fb @doaction/[email protected] is shaped as a public-registry shadow of a private internal package: scoped name pattern, inflated 99.99.99 version, and a...
MAL-2026-5111 Malicious code in @redhat-cloud-services/chrome (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in foundry-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3739 Malicious code in viem-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3d1feda8a13ce43d926de9052753f882f9f51f8afa6572c92bb4a5d3ca9412e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3443 Malicious code in @squawk/flight-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0595c498e25ed96bb0a13cf8ce777df0977f4c1580aadfddfcb0eaf1ae3d7915 The package @squawk/flight-math was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3275 Malicious code in @kills_sh/bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e7f5c26dc70e3f5d44e3fc5b4b94fba66089cf8d0d718fc48c4f85aada6f830 The package @killssh/bootstrap was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3209 Malicious code in apple-internal-security-library-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2656 Malicious code in tailwind-stylecss-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f774188361889c2e95f246317a2fece3219b9d9952ff3645e4d108bc525c5 The package tailwind-stylecss-typography was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2631 Malicious code in babel-plugin-blocks (npm)
Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...
MAL-2026-2098 Malicious code in sd-basket-highlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-1971 Malicious code in trex-proxy-browser-extension-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1964 Malicious code in pretty-loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ac086b231c77fe68e31ce08ba212f70807936ae95b86d5af7fce505d9e20118 The package pretty-loggers was found to contain malicious code. Source: ghsa-malware 0218f0b3be8b1ccf4ed897adca433d157feeee1163f03cf8ed2e0b435ad90e8e...