Malicious code in supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ffc0b5a7cfe173533053ac607e28d5e000c963fc1fd706bd9eedf57902e11c1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-cleaner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview chai-as-patch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview nodemon-webpatch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview nodemon-pack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @ewfewfewf/testhackerrr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47e70cb260a34952bd8dabf1cbb510efbc9072e3d809a03deec32a70745e4d3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @ewfewfewf/testhackerrr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious code in @redhat-cloud-services/quickstarts-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5129 Malicious code in @redhat-cloud-services/hcc-feo-mcp (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5128 Malicious code in @redhat-cloud-services/frontend-components-testing (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious Package

Overview @cloudplatform-single-spa/svp-s3-storage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

Malicious Package

Overview @cloudplatform-single-spa/svp-baas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9032a522708cf49b925eaee77c313e16ee097040af91a2a9c86e16a957a183e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in midoss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73bce73a188c2742f2c66ec85906c0bea50468d8c606fd6d38d4ea5698119007 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5064 Malicious code in ethers-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71fb8c3fc53908b6c1f910ca98b3940ded0c9acc55112925833e60a64816510d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @breezeai-frontend/tailwind-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

MAL-2026-5054 Malicious code in @timelycare/config-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc893c48f00d7000b6737fbccd385652c78342aad49e12c49134ce72b42852a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5069 Malicious code in evmchain-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32ebbd11fa492f47ef6373d99224e4b937f9daaaef387446fd11ffa9bb3ddcc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview tailwindcss-basic-animation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-5061 Malicious code in chai-use-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 941306dd3e5d860872f10c80f8e3acd59cbc3b3d0c7bb00e229442b3af273989 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...