Malicious code in webpack-cache-reset (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee0027f45dd4846b52b99120af39a0bca88f8693047612e946cd8d816f36e6c On npm install, the package's postinstall hook runs loader.js, which hex-decodes the URL https://jsonkeeper.com/b/INN1F an anonymous JSON paste host,...

Malicious code in webpack-cache-clean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9 On npm install, the package runs a postinstall hook node -e "require'./loader.js'" that spawns a detached child process. The child decodes an...

Malicious code in @tonsdk/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9a9a70e3d8b322df960cb96b195f74693eb4d2ea284680e4cfb41a33f1848f8 @tonsdk/core impersonates the legitimate @ton/core TON blockchain SDK. On npm install, scripts/postinstall.js executes automatically and performs two...

MAL-2026-5564 Malicious code in @tonsdk/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9a9a70e3d8b322df960cb96b195f74693eb4d2ea284680e4cfb41a33f1848f8 @tonsdk/core impersonates the legitimate @ton/core TON blockchain SDK. On npm install, scripts/postinstall.js executes automatically and performs two...

Malicious code in js-crypto-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d677e45bee46911d04564e9260f4b569119a4ca0a13a58bcd43760359fbb4f The package's prepinstall.js script base64-decodes a hidden URL stored in a constant misleadingly named HASHKEY decoding to...

MAL-2026-5569 Malicious code in js-crypto-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d677e45bee46911d04564e9260f4b569119a4ca0a13a58bcd43760359fbb4f The package's prepinstall.js script base64-decodes a hidden URL stored in a constant misleadingly named HASHKEY decoding to...

MAL-2026-5570 Malicious code in nim-submit-for-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bf75301042574897cc2f4bd8f3b8939fe4ac7a958f2cfe2404bbbee149797d0 On npm install, the package's postinstall hook executes lib/compiler.js, which spawns a detached Node process that collects host identity hostname,...

MAL-2026-5562 Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

Malicious code in field-upload-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17402ad5019d1d433139ce2652d18d2493d87acfd1ede435a94c87eb421f25b1 On every npm install, the package's postinstall lifecycle script in package.json spawns a detached, unref'd Node process that decodes a base64-encode...

MAL-2026-5567 Malicious code in field-upload-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17402ad5019d1d433139ce2652d18d2493d87acfd1ede435a94c87eb421f25b1 On every npm install, the package's postinstall lifecycle script in package.json spawns a detached, unref'd Node process that decodes a base64-encode...

MAL-2026-5571 Malicious code in qa-handoff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4939e56124668b7d03f9e2a96dfbfedba53e24aaa5d2190e298547e724b1f851 On npm install, the package automatically executes lib/setup.js via the postinstall lifecycle hook. The script spawns a detached Node process that...

Malicious code in solana-dev-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 059c5a74392811a397d3868092b7bcc84fbfac9d2f3de1c69a6421cdf756b652 On npm install, the package's postinstall hook node install.js executes a multi-stage attack against the installer's machine. It reads...

Malicious code in janus-flow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d33c10c068a69d14d0333b93de7745caffd62013c57de6c55f20a6b53ffdcb1 On npm install, the package's postinstall hook node postinstall.js 2/dev/null || true silently runs a credential harvester against the installer...

MAL-2026-5556 Malicious code in janus-flow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d33c10c068a69d14d0333b93de7745caffd62013c57de6c55f20a6b53ffdcb1 On npm install, the package's postinstall hook node postinstall.js 2/dev/null || true silently runs a credential harvester against the installer...

MAL-2026-5557 Malicious code in janus-ft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...

Malicious code in @my_name_is_khn/express-security-tool-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e77b441acf56551e84d7dcac2da89dd7f287f6c0a6c028c669d78a90e6c58d3 On npm install, the package's postinstall script scripts/inject.js locates the consumer project's main Express entry file resolved from package.json...

MAL-2026-5551 Malicious code in @my_name_is_khn/express-security-tool-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e77b441acf56551e84d7dcac2da89dd7f287f6c0a6c028c669d78a90e6c58d3 On npm install, the package's postinstall script scripts/inject.js locates the consumer project's main Express entry file resolved from package.json...

Malicious code in @my_name_is_khn/express-security-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...

MAL-2026-5550 Malicious code in @my_name_is_khn/express-security-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...