MAL-2026-5634 Malicious code in react-photo-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99fbc6cc42b7ec545aaa5d9ade01d00d4a22c4c35fc241681eab542599503df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwindcss-animotion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96413f4c88df11bc7b9783884da8c9c18d04f8b37134ca1f8891551def09e788 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in rate-limit-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwindcss-animates-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36f982d7c842137890d743938442fe409fd41a786fe5727bcd77277406b2a189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5632 Malicious code in tailwindcss-merge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 757933d4ef7a3a1e94cb1316d0f0f24d6f5fcb30dd482e130c0fa348939dad66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5631 Malicious code in tailwindcss-animatics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b874b5b9324f64b8a30a60f2c89c8ea75dd40de7503a678c9d0e1829e53e8f01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in typeorm-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc67e2dca7bff2668f3bf2504574289c8ed5d5bbda1e2f52636df55205076d0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5628 Malicious code in sass-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0068d27fedb58c57dabb36f110b6410a8f422774734cee9ea53e7fdc7f66da5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in clsx-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25973e59fcbbe092c0fd9d1f868fb37c1b1492fb830a534806e51bbbc795935c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5629 Malicious code in sass-formats (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 593849a1308008d25bbda542cd5504e43cae6241d7ebe1c44b08377e2afe13d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5623 Malicious code in edu-npm-dependency-chain-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139 The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 npm as malicious. It is considered malicious because: -...

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

Malicious code in claimora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b785b842f24aeae0e20157784b17a8bff7003e72575ac9a3aa9cbeb550a5c92 claimora impersonates the jsonwebtoken library auth0: package.json sets author to "auth0", points repository at a non-existent...

Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

Malicious code in internallib_v346 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16f3f2c0990e02417fdf7012e6531393e81f786bb16019d0efdb03c049817f90 Package name targets an internal-only namespace and ships a reverse-shell payload. index.js line 5 unconditionally invokes exec'/bin/bash -c "bash -i...

Malicious code in chai-as-victimed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...

MAL-2026-5605 Malicious code in chai-as-victimed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...

MAL-2026-5597 Malicious code in 0x2ai-demo9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb3fa91a9457ef11dc837c301fef1b22dbe1b19f00400215d853958726e1d055 On npm install, the package's postinstall script writes .mcp.json, CLAUDE.md, and a .claude/commands/0x2ai-boot.md slash-command file into the...

Malicious code in 0x2ai-demo8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc8b825a6ca24f0ed99210734ea8d4f4fb7bf1bbdb3767b67417bf5cdb83257 On npm install, scripts/postinstall.cjs writes a .mcp.json into the installer's working directory that registers a stdio MCP server...