1301 matches found
Malicious code in postinstall-logger-7x9z (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e89b603ffc718873a9d4c42167bf0c667c995cc2547bc9b99373ad4e9f0ca1e On install, package.json's postinstall hook "postinstall": "node run.js" triggers execution of bundled beacon scripts beacon15.js and beaconlinux.js...
Malicious code in node-multi-downloader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...
MAL-2026-5735 Malicious code in node-multi-downloader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...
Malicious code in houzidawang808 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...
MAL-2026-5732 Malicious code in houzidawang808 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d6b96fe99e7f8503cb07df05d6b621dc8e8243fc7288844678d8aff043a654 The package presents itself as a 'simple date formatting utility' index.js exports a trivial formatDate wrapper around toLocaleDateString, but ships ...
MAL-2026-5729 Malicious code in houzidawang806 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbf603db6d0a3434c6c417dd460f26d08b9e230c03926f05987bb3841d3c72b Package self-describes as 'A simple date formatting utility' but ships two distinct attacker primitives. 1 postinstall.js enumerates /.ssh/ for .pub...
MAL-2026-5727 Malicious code in vite-config-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...
Malicious code in vite-config-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...
Malicious code in @ci-lifecycle-test/postinstall-ping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...
MAL-2026-5723 Malicious code in @ci-lifecycle-test/postinstall-ping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...
MAL-2026-5724 Malicious code in warp-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 493b3ed30d94fb482e4b9c7cf3d328ba9b307f91965783f0024ec7dca1fedb96 [email protected] declares postinstall: node index.js in package.json. The index.js entry point is heavily obfuscated using obfuscator.io-style...
MAL-2026-5709 Malicious code in chalk-plus-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...
MAL-2026-5711 Malicious code in chalk-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac66dfb6013c32d34c6ce83bdba4628b67539e81df27fe18dcf71d3de05ff8ce Package is published as 'chalk-pro' homepage chalk-pro.com but its main entry is a verbatim copy of nodemailer's API — a typosquat impersonating both...
Malicious code in chalk-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac66dfb6013c32d34c6ce83bdba4628b67539e81df27fe18dcf71d3de05ff8ce Package is published as 'chalk-pro' homepage chalk-pro.com but its main entry is a verbatim copy of nodemailer's API — a typosquat impersonating both...
MAL-2026-5712 Malicious code in jextic-eclib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...
Malicious code in jextic-eclib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...
MAL-2026-5710 Malicious code in chalk-plus-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...
Malicious code in chalk-plus-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...
Malicious code in friendly-greeter-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab72d8364f58d27c6ba37063af62500b494b2fcb8961c1a2b40ed1d2feabdcfe friendly-greeter-demo ships two independent remote-code-execution channels that activate automatically. postinstall.js runs on npm install and...
MAL-2026-5704 Malicious code in friendly-greeter-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab72d8364f58d27c6ba37063af62500b494b2fcb8961c1a2b40ed1d2feabdcfe friendly-greeter-demo ships two independent remote-code-execution channels that activate automatically. postinstall.js runs on npm install and...