MAL-2025-2605 Malicious code in lwc-recipes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92235263cd97e4d59a59394c77aeabcc20e347bda974b68b18072cf74295f12c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2562 Malicious code in com.unity.performance.profile-analyzer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0af641db458fc7a8378ef6660e94aa21d6e8a8662aa90cc72412d909765b39d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2539 Malicious code in @brix-crypto/crypto-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7667e8bc15f436605e7a5f94dbf1a1d0534b380ead2a777826cc73ad68cf586 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2486 Malicious code in militaty-geza-blessed2025hondo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f68cc04dd7a67be9ecd2b61249ad24d3e6b39c02fd0195aa04d3e1652294da0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2485 Malicious code in sendmoneyserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22431b45239f04c82c7ad749764ff1a438263e5fb1fa13236061aecdd49bf1b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2483 Malicious code in idt-validation-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d72d5fae92d76007bde68b9b614eb69f67499c1fdc108ee21598c9df3e8937b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2450 Malicious code in com.unity.testtools.codecoverage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ed939e317fc9dd609fd574e15a987ca53e56d84311ad769e3cd7ef39b3c76d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @flutterfire/source-ui-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d5007a2c3f744fc79ba88f20dcf5897470581ccbb3a076b83a10d43ad9c6f5e7 The OpenSSF Package Analysis project identified '@flutterfire/source-ui-widgets' @ 1.0.0 npm as malicious. It is considered malicious because: -...

MAL-2025-2442 Malicious code in ionicaiosampleapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae3e09f0b7537140686ef5504c21e18b301f44e502feb68aad99bd4c5346a876 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2346 Malicious code in oasis-os-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0855cc5a073138729aaaff78692f8f6b631c4466abbd62dc4a8d7407b86ea5e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2344 Malicious code in mocha-dast-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f8297f30739d5810d9dfb46db787d2d403256217f71cbd9b85c5e8671ff8f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2343 Malicious code in messaging-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fec082e41ee10acbec950c120b5c9c4a3184fbe0ce6995a3da0356c826601e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2447 Malicious code in paymentread-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99ea0fd7ce8df578106ddafd97e7ce60c03a1b0c1481c5a1caa636edd634246b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2446 Malicious code in paymentlookup-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a353126553c901a947450d8496b7b7479aa1c0b81c8cbbe5784801c4304be21b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2444 Malicious code in invoiceread-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4462bd23e04580838c5d69582dd0687b88a333d82d6b64a876c17bbcdf7f5ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2341 Malicious code in @contraktor-tech/poc_confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9fb8ec2fd9c3fd1eb30ca17367b62f932aa239c8b9209269913e9c88ea105536 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2340 Malicious code in notification-center-admin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3608296b1021343f3245e75793f59483ee9c78f0aa41ca662756286d02d348a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2445 Malicious code in malwaretesting1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0dfabd3ff2ac6ca412b085988e3c2afdc4d44178dba2cfa134d851c159ccb7f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2232 Malicious code in cb4good (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c16e1ebf21c15491517654d93507f4ac7ca8aa96e47403f10fd753ef7bcbca95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2231 Malicious code in @partner-tech/pax-illustrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 59fd97ac6b88180973bc6765a95cc0730d5de2879c68c3d7d29dda4531b7fbec The OpenSSF Package Analysis project identified '@partner-tech/pax-illustrations' @ 99.99.106 npm as malicious. It is considered malicious...