1340 matches found
Embeded Malicious Code
Overview @nx/workspace is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...
Embeded Malicious Code
Overview @nx/js is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...
Embeded Malicious Code
Overview @nx/key is a part of the Nx Powerpack extensions for Nx. This plugin provides the ability to activate and read licenses for Nx Powerpack Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...
Embeded Malicious Code
Overview @nx/node is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...
Embeded Malicious Code
Overview @nx/eslint is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...
Embeded Malicious Code
Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named telemetry.js. A...
Embeded Malicious Code
Overview @nx/enterprise-cloud is a part of the Nx Powerpack extensions for Nx. This plugin is specific to Nx Enterprise Cloud workspaces. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named telemetry.js. A...
Embeded Malicious Code
Overview @nx/devkit is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. This package contains a set of utilities for creating Nx plugins. Affected versions of this package are vulnerable to Embeded Malicious Code throug...
Malicious code in used-first-in-postinstall-script-dotslashed (npm)
The package used-first-in-postinstall-script-dotslashed was found to contain malicious code...
MAL-2025-37964 Malicious code in used-first-in-postinstall-script-dotslashed (npm)
The package used-first-in-postinstall-script-dotslashed was found to contain malicious code...
MAL-2025-6829 Malicious code in tensorflowjs (npm)
Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...
Malicious code in tensorflowjs (npm)
Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence AI and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performan...
Malicious code in udn_extras (npm)
The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...
MAL-2025-6387 Malicious code in udn_extras (npm)
The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...
Malicious code in napi-postinstall (npm)
This package installs a windows based malware file node-gyp.dll via install.js...
Embedded Malicious Package
Overview @toptal/picasso-utils is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-provider is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-typography is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Embedded Malicious Package
Overview @toptal/picasso-quote is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...