97 matches found
Malicious code in crazynut (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99acc5fd6f39abd90d81467df8fe55d92230edd286a12d9f628ad6f9c1c34a9a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @vite-ln/build-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8972bbfdd55ad200dd49b08501d7391beca99841f0c36479806f2b1e329950a2 Package @vite-ln/build-ts copies the legitimate vite package's manifest verbatim description 'Native-ESM powered web dev build tool', author 'Evan...
MAL-2026-6884 Malicious code in syncora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fad6a402b2081c7bd35f082e81588979985d9e4b458e0a34794e50f4acc14fd7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in alder_morrgan (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96468d16380fb68b99823735be418b7393216e068ce91f6aa31f2e1305d9d4d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6609 Malicious code in @contentprod-authoring/block-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa028931eef026447363bc2ef44ace207f4f3226de4289e354d26d730fa28186 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6277 Malicious code in search-from-search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e2e600c7cba50d7cc3cbff52a18f77e508ec66be3a50cd4960f84771598548 package.json registers node callback.js as both preinstall and postinstall, so the payload runs automatically on npm install. callback.js collects th...
MAL-2026-6031 Malicious code in @mastra/otel-exporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1998b4d1e4f2d960197b14f573628777e4456ff374f007ac39cca273a206aea The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5347 Malicious code in moustick (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deae034e46d94eafe1db97a6a57a664400f03caa48af8f775f6064c361c6bb9a Package impersonates the popular cookie-signature library — it copies the description, README, author TJ Holowaychuk, and repository URL of...
Malicious code in viem-multichain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 000bdcb32a8ca1f6657425685c88c4b60917055d5a202275c50d004462e37459 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cortana-md-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 686dc6172d061151a94189d41cd564a6127d00f10af75880962a357301ec135e The package cortana-md-bot was found to contain malicious code. Source: ghsa-malware a712b3a56136d272ebf1a688ff9ea1cc572023730622963df1e6e82389177d28...
MAL-2026-1165 Malicious code in @global-dax-ad-platform/dax-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e50b13916c14b17a01e550d32711ed37f8842bc2a0eede3ea254df64f7a0af1a The package @global-dax-ad-platform/dax-components was found to contain malicious code. Source: ghsa-malware...
MAL-2026-648 Malicious code in yazxzpedia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f94694d3882914e6f75cc35db5533b7d7c4d9caebb2631033de332d3c49e562 The package yazxzpedia was found to contain malicious code. Source: ghsa-malware e97d515edc36ba99b0d5fa4cc5cd35798ff96229f05a9f93ba6dbef0631f1ac0 Any...
Malicious code in francium-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bbfe7cfa0e201004579dc73a60307dbd93e6507801d3dd767b689cb748535c1 The package francium-utils was found to contain malicious code. Source: ghsa-malware 36e968a97c914ae6c1bf4fb980564d69546cc92105d1be341f56c933ec2caa12...
Malicious code in sort-imports-es6-autofix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20061f2672fcbe82b13ab8e09c629d93991ef45200bb30c7bf9a1dc78cbb4230 The package sort-imports-es6-autofix was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-awaited (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e469d359c2a3a5ca20b47691e64d2330d38d9ad0f173fb440b2ac677d333d6a The package chai-as-awaited was found to contain malicious code. Source: ghsa-malware df0ec4507c7a16056091fbf705d97408c308041bf9b5798d113fdc3042a00b3...
Malicious code in expo-router-on-rails (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bd7bcf264644e954c78205f555c4b45d42e4e628db37666799375a9a8777f5 The package expo-router-on-rails was found to contain malicious code. Source: ghsa-malware...
Malicious code in mojio-client-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fea28b1c502ade1afb436a22ffc2bd83e1c413dd85b274370f805ec0760be91 The package mojio-client-lite was found to contain malicious code. Source: ghsa-malware...
Malicious code in types-lodash.es (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ad198ed6efdd1d7367a198d4b5c761b7ecf5421158cf8cce424a4f693598f1f The package types-lodash.es was found to contain malicious code. Source: ghsa-malware cd47d05a7a2bdd9fbd2f267aaeb6664d79583714a396f493858e926e1cc25f0...
Malicious code in unused-imports (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01031534d46574b4aca0e5341d43399ac25cf7c751f841cf6af2eec7b73fa797 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in private-callouts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a2946aeff32829327711ed5cbdd0127273806a52a23e9be1f96113c04562bc6 Any computer that has this package installed or running should be considered...