Malicious code in @johntaohunter/forge-jsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bfdaadccdf8be83d7d73486bbaef607a373bb063881e36a37ef0c0846e701b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5676 Malicious code in ioredis-typed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bd3dadb6d1e5369a82a26b784f5d557e289158636cdf678333f9deef05dd996 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5675 Malicious code in ioredis-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5673 Malicious code in zatzdbai (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in zatzdbai (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @iobeya/spa-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5655 Malicious code in @hatcha-captcha/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @integrations-center/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a23606af0a8ca92d6caee4fa3a9171e6268ad073eec054cb0d2835747bf7cbbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @coterie-baby/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb0f46407e3ad7d060630b7aec9ce77a68f41c3a9fd3678941d6d43ca78b68a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5660 Malicious code in @ntnx/nx-react-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5de5a928dc220e0142c863d66448e5675a2d3283b7bf5b4e3133f4f3806bb38f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5659 Malicious code in @ngt-frontend/widgets-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea73e01bd9fd14de80da7385a457c47d65d0af138480a99f91556880fabf9d3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5668 Malicious code in fed-callnative (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3971b7c0ac52c7cb668a8147d9774cb0f7a0b4e0bf04a59a6b55426f9c84fcf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in unified-ui-components-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78fe6900f4329c8e4c7bb5322f0e30a3f3b90e289c45852fca61c4fd16f43fd8 On npm install, the package's postinstall.js collects os.hostname and os.userInfo.username and embeds them as query-string parameters in a plaintext...

MAL-2026-5642 Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

MAL-2026-5644 Malicious code in self-certificate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a2141f4facbd3abc437287c86971f1b3bb6795fad75990624f735b72139167d The package advertises itself as a self-signed certificate generator, but its main module index.js contains a loadSampleCertificate routine that read...

MAL-2026-5641 Malicious code in goreleaser-run (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2733e0c086915d44eb8c971575087d9260bf1133d62da63920b578cf7e60c30 Package impersonates the legitimate goreleaser tool name goreleaser-run, homepage spoofed to https://goreleaser.org; goreleaser is not officially...

Malicious code in goreleaser-run (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2733e0c086915d44eb8c971575087d9260bf1133d62da63920b578cf7e60c30 Package impersonates the legitimate goreleaser tool name goreleaser-run, homepage spoofed to https://goreleaser.org; goreleaser is not officially...

MAL-2026-5643 Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

Malicious code in ecto-corsair-whisper-6f3b9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4a0788a8447c0cc7ef6abd8bc0726849d50c6238ed90b0642e658f8cc20ead8 On npm install, postinstall.js executes a shell-based reconnaissance pass over the installer host: it enumerates process.env, runs find/grep -RaoE...