4484 matches found
Malicious code in poly-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6285 Malicious code in new-solt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5a46a9516de2c87a2d451b78ace7033fb9dffa9faa4216b84eb068136098cfa Package [email protected] contains index.js which imports childprocess and invokes execSync with bash and zsh shell strings around lines 315 and 331...
Malicious code in ts-esys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041ff0fd2b76f380705ef23061ebfe469477b2fbec8e025eab49a557431a551e The package is published as ts-esys but its package.json author, repository URL, funding metadata, and README are copied verbatim from MikeMcl/big.js...
Malicious code in @mastra/voice-aws-nova-sonic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c109adf5a77f9ace07bb1f5ec93cd8d3464bf675b7a93abc5fdfd64669f0c75 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/google-cloud-pubsub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1bd3f8519d6016a066d4268dae0e9c0d20ca87350cc759832b6053128a5b8d8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5996 Malicious code in @mastra/agent-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ba6a41e7e43733a8334968ce740af8771208c66c7529d9f4319bd62e39601d @mastra/[email protected] declares a dependency on 'easy-day-js@^1.11.21' in package.json, but the package's own compiled code in dist/index.js nev...
Malicious code in @mastra/playground-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f95ef610dd6911f5d9c670d625d68b49c360aa9d92d8aa2532087c32ffb88a2a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/deployer-netlify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6017 Malicious code in @mastra/deployer-netlify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43c60df59e1fa51bbf7a5f6737d2c362f205589d70025f426f1004859168b1fe The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/deployer-cloudflare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 134b341a4308b5afd16ffa8eaf1c28befc1ebbd10303579f674eba8c480ba0b0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6015 Malicious code in @mastra/deployer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ada3444d44067bbe5085e0892f7885b106c016c114676c2601b15bbb52ce4a4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/evals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9bc49e06e746f572e3d99fcd89abf22d51e094de6629cb9cce1988e2d3e08c4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5939 Malicious code in @mastra/ai-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98257d70b56e46a3dcd690478b15c54fb55c270db969b777c0cb42bec21ace37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5625 Malicious code in clsx-tailwind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...
Malicious code in solidity-abi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d00c844413b4c809e5d57d1952a17f67f2c72324fd379c91d5fdd8aa3fdd9da9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in plugin-fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85454b4f6eb05f7133937ef6acbdd16ae04b31aaf2b4806bdcac1d845fb80d6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5493 Malicious code in @builder.io/dev-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ff13c28b39f7c02f6243516ca6055c3fcbbfb72cc4ca16ecfe99a31099dd1c8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @doaction/signalhub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7bca1eff18553fad58ccd2097810887a61afc717b44a657c6674bfa7317bb41 @doaction/[email protected] is shaped as a dependency-confusion attack against organizations using a private @doaction scope. package.json declares...
MAL-2026-5119 Malicious code in @redhat-cloud-services/types (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...