MAL-2025-5252 Malicious code in myuscis-material (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cba011b86ceb83ee613aceb9c55a91e8aabbb2df8d473962bff0b0c55879ce49 The OpenSSF Package Analysis project identified 'myuscis-material' @...

MAL-2025-5270 Malicious code in ironrouter (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8db235a767a179808d3df5b5e15f5676850b25a679617352d6ad2456f5ed891f Any computer that has this package installed or running should be considered...

MAL-2025-5276 Malicious code in zd-cms (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2cd4b6e5f904d9039529f697c3ca31c5d9f0076ffa83fe179d054059ae14df3e Any computer that has this package installed or running should be considered...

MAL-2025-5271 Malicious code in magewire (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b5673177c3d8b559cc2235b1593c2c06131afd64553497997b2ab2664fc4e9fe The OpenSSF Package Analysis project identified 'magewire' @ 99.99.2...

MAL-2025-5248 Malicious code in aog-checker (npm)

Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...

MAL-2025-5243 Malicious code in ptl-oem-wifi-portal (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4042b553c169f3d608add738de30750c0fff9195a89b3f469eca6017a87aaa11 The OpenSSF Package Analysis project identified 'ptl-oem-wifi-portal'...

MAL-2025-5265 Malicious code in agoda.cronos.gql (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0918c4b7cc7549b33d32ef492ce8439108e4df06cece719c5a0e497e048f6293 Any computer that has this package installed or running should be considered...

MAL-2025-5269 Malicious code in fooldependgcbk8x (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 40edfccd147dc478664b7c35428ddcc41628c4bd8d11341b39de5092cf1ed958 The OpenSSF Package Analysis project identified 'fooldependgcbk8x' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-5268 Malicious code in fooldepend9f218a (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2d68aea54197ae7455406cdcc725402bd69770cce80a8958ec4d1627b67a2814 The OpenSSF Package Analysis project identified 'fooldepend9f218a' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-5213 Malicious code in handelsblatt-hypesignals-ui-components (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1041cb10e755d31aaf87160a55cd21a723840476f966117b7895256ef06ae13e Any computer that has this package installed or running should be considered...

MAL-2025-5211 Malicious code in cro-pricing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ad3153abfc5098f205551190f8a491deda5c4b47c00a18ed66800ef238c6b78d The OpenSSF Package Analysis project identified 'cro-pricing' @ 1.0.8 npm as malicious. It is considered malicious because: - The package...

MAL-2025-5189 Malicious code in stickycta (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e9b59129d2640bb57e314361b0c283ed1727a3339a6fcf09e0b5ea8776758fcc The OpenSSF Package Analysis project identified 'stickycta' @ 1.0.0 npm as malicious. It is considered malicious because: - The package executes...

MAL-2025-5176 Malicious code in tap-bar (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80f415a4d7c9d782ada5f5ee7e58ff393f870157306c8a90d325fcd796825e6c Any computer that has this package installed or running should be considered...

MAL-2025-5241 Malicious code in taskcluster-db (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 015560a72e308c3ba1770533176ac7fe0bcfbe4892581829992ee47063774f5c Any computer that has this package installed or running should be considered...

MAL-2025-5010 Malicious code in globalloadercontroller (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 81e00ab168835949314e8a396c7bda27efb18804270a189087903da2a7f1a4c1 The OpenSSF Package Analysis project identified 'globalloadercontroller' @ 1.1.0 npm as malicious. It is considered malicious because: - The...

MAL-2025-5007 Malicious code in reoregistration (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 78444474811c971e219548f0c559d06bef5a4e4cb65703c5ad604ce64f3d0a4d The OpenSSF Package Analysis project identified 'reoregistration' @...

MAL-2025-5001 Malicious code in ripe-grs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a9dcae56aa553fbd3ac26d68ec192342012f6cdf9d82443a1cc08f76d037c1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in comp-base-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86dd56ba61a953e19112e8fd19d04c755f48e262186426a358a7251dc398406f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4950 Malicious code in maxdome-compute (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a03c0986aac72f989f747d0a8145d5753b02543abc7a3d934919e395c825ac42 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4711 Malicious code in bank-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f0763ca6a35d86ac26d0d79bf3170ea38a642062f030c19ac17589065a5e1c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...