MAL-2025-415 Malicious code in coinbase-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a25de48e1e4b5422328ce0552b7bbefcbff48c60e5210c28c0a825009ca329b9 The OpenSSF Package Analysis project identified 'coinbase-api-client' @ 999.9.9 npm as malicious. It is considered malicious because: - The...

MAL-2025-410 Malicious code in bookingcom-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3efaad9e12b23a4ec5230344045108f961982d137157a29edb1283679f35031 The OpenSSF Package Analysis project identified 'bookingcom-tools' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-392 Malicious code in apple-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1054f2c7b28ea826d1b98560fe419993d4d2f4bf88d863f28e52200fcdc784f The OpenSSF Package Analysis project identified 'apple-gateway' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-374 Malicious code in amazon-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4b71318a5323c17de18f5573bc2c87a70f80ec6de2577c55c243993d76da1f51 The OpenSSF Package Analysis project identified 'amazon-cloud' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-371 Malicious code in amazon-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 972d775baca466f5fa482d2629c80172c236ea0f349612f1e9e9aa9f00919807 The OpenSSF Package Analysis project identified 'amazon-auth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-369 Malicious code in amazon-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12894a12a5148065c49468c741a4ba9eedea8c2a1c90262be5e3263553730582 The OpenSSF Package Analysis project identified 'amazon-analytics' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-378 Malicious code in amazon-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f6b905daf64e276ca8caef8989a1d7964855db0456a4512fb566fbecda0c79d The OpenSSF Package Analysis project identified 'amazon-event' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-385 Malicious code in amazon-payment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9680dbff3b7fad0b576b1efae75268c097baf1059dc1238e024598ff9cf77028 The OpenSSF Package Analysis project identified 'amazon-payment' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-382 Malicious code in amazon-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 00fffe8a9d54ad61ee1ae7e0d4091db1d8f442df37de1763e2a81e4647fc0dba The OpenSSF Package Analysis project identified 'amazon-logger' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-356 Malicious code in airbnb-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5dbe417775cdf936de0b309b6f15596072d0e6111399a3f24d499f98f0fde022 The OpenSSF Package Analysis project identified 'airbnb-api-client' @ 999.9.9 npm as malicious. It is considered malicious because: - The packag...

MAL-2025-352 Malicious code in no-style-dependency (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9044d80b8ff33b0d2a50511386c0fed003004f9452211938b949aca211b0866 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-323 Malicious code in mathworks.github.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32e52ada951c82ef138dcd96976a00cb9d2e1c15f171f1b3c4768a030075bba3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-147 Malicious code in testpacke (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38b837aa65eec730e3f6478200b0f279baef7aab09893e795b1173e13a686837 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-146 Malicious code in showcase-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72fdeda4a40b1170fc3888255d22ac1cb9cfe37834663d8a5812539c21e7c8e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-145 Malicious code in chipped (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8b4d484b6a0b05dde597bbc9ba800eec0c201e3fc81387511d009ae01d5e07b3 The OpenSSF Package Analysis project identified 'chipped' @ 1.1.0 npm as malicious. It is considered malicious because: - The package communicat...

MAL-2025-143 Malicious code in bridge-transaction-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db5956f81e131c01814a55fa4294eec8b2c4a0a037934a273bcefad48aca0599 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-139 Malicious code in snapon-imageviewer-lw (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7053e8d93acd05ac2454f25c628ab30c641d481373e8f20a08b28a0f66e1fe38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-134 Malicious code in dbximgs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a752546905d1373f7b092a98454b7ca4e820bebecb1af358ce0a6a72fa9a1e8 The OpenSSF Package Analysis project identified 'dbximgs' @ 2.0.0 npm as malicious. It is considered malicious because: - The package communicat...

MAL-2025-73 Malicious code in utf-cleaner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 09b9e5c5deafbf756df5201976fdbdc3c61c10e815234df9aeb32764a3cd9652 During import, the package silently downloads and executes remote code. This code starts a web server in the separate process and listens for commands to execu...

MAL-2025-38 Malicious code in alchemy-web3-webpack-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0baf7db6925882a96eddaa00b4877f9147183d9b00a85fd69b02e5fe625f7ff7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...