MAL-2026-1487 Malicious code in vitest-config (npm)

Malicious package due to preinstall script execution, system info gathering, Discord webhook usage for data exfiltration, and error suppression. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d6cfc9315582e56556f40906f86a19927ad32b3826548896d1eaf23e0705243 The...

Embedded Malicious Code

Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

Embedded Malicious Code

Overview react-native-country-select is a 🌍 React Native country picker with flags, search, TypeScript, i18n, and offline support. Lightweight, customizable, and designed with a modern UI. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this...

Malicious code in tahoe-tap (npm)

Malicious package detected. Executes code during installation via preinstall script in package.json and has only one version published. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deec4b3e879632ae9819b52e88ae689725b1af688aecd541e498d2bac084f848 The package...

MAL-2026-1387 Malicious code in tahoe-tap (npm)

Malicious package detected. Executes code during installation via preinstall script in package.json and has only one version published. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deec4b3e879632ae9819b52e88ae689725b1af688aecd541e498d2bac084f848 The package...

Malicious code in @web-monorepo/fetchers (npm)

Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3faaa666cb666785670b3a638b1f832d4492f7eb2c999f41f7bb551cde2aa86 The package...

MAL-2026-1318 Malicious code in @web-monorepo/fetchers (npm)

Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3faaa666cb666785670b3a638b1f832d4492f7eb2c999f41f7bb551cde2aa86 The package...

Malicious code in @augmentor/experiences (npm)

Malware detected: Collects and exfiltrates sensitive data to a suspicious webhook via a preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4067e28e3de3f031541a3e624d8d21dc75777b65b83ab8aa4fd09bfd52038968 The package @augmentor/experiences was fou...

MAL-2026-1317 Malicious code in @augmentor/experiences (npm)

Malware detected: Collects and exfiltrates sensitive data to a suspicious webhook via a preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4067e28e3de3f031541a3e624d8d21dc75777b65b83ab8aa4fd09bfd52038968 The package @augmentor/experiences was fou...

Malicious code in @schedaero/react-core (npm)

Multiple suspicious behaviors: suspicious URL, data exfiltration, process termination, preinstall script, and few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9a3637e4c85401af7944fe82cfd79a91d69797ef89cf50334fc3e5bf4fac0e6 The package...

MAL-2026-1230 Malicious code in @schedaero/react-core (npm)

Multiple suspicious behaviors: suspicious URL, data exfiltration, process termination, preinstall script, and few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9a3637e4c85401af7944fe82cfd79a91d69797ef89cf50334fc3e5bf4fac0e6 The package...

Malicious code in @schedaero/yukon (npm)

Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...

MAL-2026-1232 Malicious code in @schedaero/yukon (npm)

Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...

MAL-2026-1228 Malicious code in @schedaero/bacon (npm)

Multiple suspicious behaviors: preinstall script exfiltrates data to a suspicious URL, terminates process, and few versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1f79d2ea06bc3905829524120560412e8e875463b5bddeb6bad3a343292c20c The package...

Malicious code in @schedaero/net-common (npm)

Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...

MAL-2026-1229 Malicious code in @schedaero/net-common (npm)

Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...

Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

MAL-2026-1231 Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud , has compromised hundreds of npm packages, according to reports from Aikido,...

Malicious code in tehryanx-preinstall-script (npm)

The package tehryanx-preinstall-script was found to contain malicious code...