1322 matches found
Malicious code in mcp-server-sentry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf12283b2f16a43388d0cc6c2991fbbdab0da44ab344c1f9c71515dd05024046 On npm install, the package's postinstall hook scripts.postinstall: node index.js collects host identifiers — os.hostname, process.cwd, the npm...
MAL-2026-5483 Malicious code in mcp-server-sentry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf12283b2f16a43388d0cc6c2991fbbdab0da44ab344c1f9c71515dd05024046 On npm install, the package's postinstall hook scripts.postinstall: node index.js collects host identifiers — os.hostname, process.cwd, the npm...
Malicious code in mcp-server-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958 Package squats the unscoped name mcp-server-github to intercept installs intended for the official @modelcontextprotocol/server-github. package.json...
MAL-2026-5479 Malicious code in mcp-server-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958 Package squats the unscoped name mcp-server-github to intercept installs intended for the official @modelcontextprotocol/server-github. package.json...
MAL-2026-5485 Malicious code in mcp-server-supabase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8 Package squats the unscoped name mcp-server-supabase to intercept npx mcp-server-supabase invocations intended for the official scoped Supabase Model...
MAL-2026-5466 Malicious code in getd-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...
Malicious code in getd-typescript-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...
MAL-2026-5470 Malicious code in getd-typescript-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...
Malicious code in gethandler-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...
MAL-2026-5473 Malicious code in gethandler-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...
Malicious code in getd-transactional-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e89f2411faf9265508a84772d5667bb3095cf28937bb9e9ab80a215ff4208 On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying os.hostname,...
MAL-2026-5467 Malicious code in getd-handler-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83398d27bb84d47296f796b4b2e6e9b5a0efc474add2e57592455e7d5d54eab5 On npm install, postinstall.js collects the installer's hostname, username, platform, current working directory, and CI-related environment variables...
MAL-2026-5471 Malicious code in getd-ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...
Malicious code in getui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...
MAL-2026-5474 Malicious code in getui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...
Malicious code in getd-content-management (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...
MAL-2026-5472 Malicious code in getd-web-corporativa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6751d3ca04c2ae596f7e809e339770edaed576060d361c061311960b0a3a7033 On npm install, postinstall.js performs an HTTPS GET to a hardcoded webhook.site receiver, leaking the installer's hostname, OS username, platform,...
MAL-2026-5460 Malicious code in fhirproxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e092973bad8e995bdec34000e45943e0be59996e84f181ee4bee9cd423f8eb [email protected] is a thin loader package whose only behavior is to pull and execute the dependency fhirproxy-utils. package.json declares both...
MAL-2026-5459 Malicious code in @dktunited/anly-tracker-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8893b914c3ba3139a3c8cede191521742237aa7c1c5d64f7ee45dbc5f636a6 scripts/postinstall.js runs unconditionally during npm install and exfiltrates installer-side identifiers to an attacker-controlled out-of-band...
Malicious code in @dktunited/anly-tracker-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8893b914c3ba3139a3c8cede191521742237aa7c1c5d64f7ee45dbc5f636a6 scripts/postinstall.js runs unconditionally during npm install and exfiltrates installer-side identifiers to an attacker-controlled out-of-band...