958 matches found
MAL-2026-5124 Malicious code in @chat-template/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in raven-i18n-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16965d1a02185ab8a7880951f6889127e66f0c1b3ffc718023ce2ac3593bffc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @polka-ui/loads (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1c2dc697d40151aa0c28a6e1bc5fd467a78649ea136e58a874a8269fec093ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4232 Malicious code in build-integrity-verify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a4941223186440162de6c5ce0a5a5797589d69e6957473761b04818b8b9b5e7 The package contains no functionality of its own. Its postinstall lifecycle hook runs npx env-security-scanner@latest auditenvironment via...
MAL-2026-4184 Malicious code in stripe-internal-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...
MAL-2026-4173 Malicious code in is-really-odd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f205432fff885dce7a6dee0e8d1267c65944d3e486abd566683caeaad833692 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @antv/g6-editor (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4152 Malicious code in ribbon.js (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/graphin-graphscope (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in viem-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe6492eec3b776a8654ae561b2f6d53c1a02ab00186b7dc5c8c72fb613c4e901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/ui-widgets-multi-file-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11925b121ae53cf0e735a083521dcd0dbea2b475fedf3ff4e66e4cfac9d7bbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3545 Malicious code in @uipath/flow-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8016b3433ca7e37f6e4ac3a263a05fd7ba16ce1f652615018abffe280623d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3445 Malicious code in @squawk/geo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b40cdbd9c6b1d4f4cfb2769aa09dc2a6c1375426de1eaa166de681740f556cd4 The package @squawk/geo was found to contain malicious code. Source: ghsa-malware ff0e460885b141aab0b22a38b446936439b76287160c78aaad30d7ad4ab22ed9 An...
MAL-2026-3444 Malicious code in @squawk/flightplan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e10ea8e442eceb45822eebfabfb86917c9a166af2490c6e670da321110d04d47 The package @squawk/flightplan was found to contain malicious code. Source: ghsa-malware...
Malicious code in @tanstack/router-devtools-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pocpoc2626 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a43e5357592b2bbbe0c68be3960ac829ab988a15b57d63df5ab954c9d0b5b09 The package pocpoc2626 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in apexpro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f8783908329ceda250d21f3d9d39a117f80f8ca55c400c72065449d2a0bc1c The package apexpro was found to contain malicious code. Source: ghsa-malware fb2932c368cbb684114a08865c171d8af11aa8af3738e7d156f5692beccd48d5 Any...
MAL-2026-3007 Malicious code in json-dec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de1db9ce26e4c5f4788ebbf809fede48364dd0741a8f4d0aa5580fac4b199f59 The package json-dec was found to contain malicious code. Source: ghsa-malware ad7f787412af0259dfcb2bcbb7429600fcb3c8a92510c70699961455caddd9ad Any...
Malicious code in changelog-cli-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98a1e229322241da9d146f6aad5c96de566b2707088406fd7de40cbb69445023 The package changelog-cli-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2994 Malicious code in @openwebconcept/theme-owc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9da7f58491c9c4715c34da32da8f4a9d1519075412a9be534d19e6e07466e2 The package @openwebconcept/theme-owc was found to contain malicious code. Source: ghsa-malware...