3 matches found
Malicious code in abuden218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e1df12b592dc442d5266d4244831fd0b6ceb94c0960a26815f5fad3246b828 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-5938 Malicious code in speed4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0766e347295e7a13e0604a89de30f662a24b690598f1e4b01edaac5400178347 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...
Malicious code in nottuff4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4f105cfb08cd05b609d2fb92793d7f8cb61d42add7d39e2491e6ba791f550e1 Package ships a Scramjet-based web proxy sw.js service worker + bare-mux + WASM rewriter under assets/ plus a static 'Riverbend Tutoring' index.html...