MAL-2025-37 Malicious code in shopify-ecommerce-shopping-cart (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a28c4bb6f1ccd57758357f7949eda10b66b8dcc6c7249a4b0756f28d5517369 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-34 Malicious code in @shadowbyte/checkout-telemetry-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3309a46cb7d7602b6b36a782d12752e0b69f409896afc9dd2d9fa4925d65b4a6 The OpenSSF Package Analysis project identified '@shadowbyte/checkout-telemetry-agent' @ 1.0.4 npm as malicious. It is considered malicious...

MAL-2025-33 Malicious code in pre-commit-tasks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3f86360c5d5f5979a278474cb95f178bed388a7ce152931eee872318ac5fcd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-32 Malicious code in hts-open-dex-react-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 71bfac5a5597cde45524360e887ab5bed0c9e5b8c5337ac9c0728b677529de56 The OpenSSF Package Analysis project identified 'hts-open-dex-react-ui' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

MAL-2025-31 Malicious code in innocent-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6fc7d792ebeefb0b83aeaecc6964d6288dced704804e70e6d7531b6a6dffc4a2 The OpenSSF Package Analysis project identified 'innocent-package' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...

MAL-2025-27 Malicious code in cursor-always-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 614a7726e7b2899695d56d3b75f1f9179a6fcde5654913693b20e521e476840f The OpenSSF Package Analysis project identified 'cursor-always-local' @ 1.0.2 npm as malicious. It is considered malicious because: - The packag...

MAL-2025-26 Malicious code in @patternfly-v5/patternfly (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b43e835ee1484fff5f40f97988af91cf9adfabcef41f9bd4970a9eee273ee7ba The OpenSSF Package Analysis project identified '@patternfly-v5/patternfly' @ 1.0.2 npm as malicious. It is considered malicious because: - The...

MAL-2025-21 Malicious code in tree-sitter-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fbacf70d3997892f49d729cbc0db29837ec65744402a0ae0c62460813e7f254f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12137 Malicious code in proton-parking-page (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 506697cca5654bda57571824a1c769ba976811a08a53a12e057f80fac4a610a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12131 Malicious code in contentsdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20d682572d937337218240c73c90b9b0b4245feb639e633225bb21bf8f5fc32f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12126 Malicious code in @awan_7715/model-viewer-space-opera (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e555e285993ff5179f3dad8424c83097053d02d6b4a91a72319eaabb6f1e6282 The OpenSSF Package Analysis project identified '@awan7715/model-viewer-space-opera' @ 1.1.1 npm as malicious. It is considered malicious becaus...

MAL-2024-12120 Malicious code in browseui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b865711cc57e93ff56175fee9d7711ab24c1a824c5f9f4f10e569411353ed1c9 The OpenSSF Package Analysis project identified 'browseui' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

MAL-2024-12119 Malicious code in stablecoin-aptos (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76e77737db0ec2672a2287bfd58f691ef6d2adea8121df9b5d8e7687048c27b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12116 Malicious code in old-celo-identity (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb1842e08f1ce198d27488ce0f57a12762160650f8c130e49d19053af3f86147 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12114 Malicious code in react-spring-latest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4479151acbc242dd9b62ac68197121a3b973d6eb0b58d6a0ac6900f63b9fe1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12113 Malicious code in testforyt7hb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7ffea609123713e81da0d17141ca37dca97eaa7848afcbf299d969e5108ce7e2 The OpenSSF Package Analysis project identified 'testforyt7hb' @ 1.2.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-12112 Malicious code in tree-sitter-dockerfile (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 345b2afbf518dc7083621e0f9fb5e7e8b109a319cc7aec619f17c7aa9b18deca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12099 Malicious code in opsgeniewebhook (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 07d9cb12e4cb019225476233e2c9739733fa4a73420e916e0db42a01a6abcf33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12098 Malicious code in widgets-mainappointments (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a05c4f3cc4d5297de929275823c2b67fd6bb6f8988f85acc300b9e4b342219b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12096 Malicious code in lib-wallet-store (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61a0b7fe2eb9c6236a827159916053db6e8ceb5fd8aec76e15eb7c2711d95d73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...