29 matches found
MAL-2026-4356 Malicious code in testing-on-npmjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1575dee70b1f079b297d26405595aa16591e62de8fac896cf9ea485d6f534132 On npm install, postinstall.js executes two attacker-controlled actions automatically. First, it collects installer-side identity whoami, id,...
MAL-2026-3312 Malicious code in path-internal-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bd4ebaf2978cb19cb80932842460fcb683c7e5867ec9e51c642bc29605394d4 The package path-internal-util was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @apple-pay-trust/authorize-payment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6403670e0f9573b88d997609a27ef3630ca5d0442446368011a1980a1b56298 The package @apple-pay-trust/authorize-payment was found to contain malicious code. Source: ghsa-malware...
Malicious code in tether-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3a15feaa501454125206345e0e802667759555738db7b1a1ee9ad5dc6b0098a The package tether-base was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @spinstorm/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e56e452f9b6929e66be95ebdf49d432e7bbfeb76fc349123bcc39175f412e802 The package @spinstorm/shared was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in pnpm-workspaces (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19d252b93a40f90995892530ecd34dc35e9ec7e5b741cb02416fd3dde3e082d8 The package pnpm-workspaces was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2274 Malicious code in autoshipment-public-front (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...
Malicious code in @mesh-components/card (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c96d53100e05047008977d25b2800e9da6e1d83f42874dcf6be5ed4144d3d83 The package @mesh-components/card was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1347 Malicious code in f0-abstraction-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 224dc9dfb692343ce6baa1f2e8ce95e413f8a4d8d9991bea7c7272923cd7498c The package f0-abstraction-resolver was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1236 Malicious code in @molb-prelogin/gobiz-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2a95b0b5cbb552848c3740a99b78d968f3cef00df645e9314604255a4f0507d The package @molb-prelogin/gobiz-config was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-914 Malicious code in @qualys/react-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c63e27e2c86203c152f6f7bfc30136a44d93bfbc84522fcf86ca97976511a59 The package @qualys/react-web was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @depro0x/despicable-me (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e512041534d296b22312d733434bb54944a4e026f6ddeaa493240cccc429ee9 The package @depro0x/despicable-me was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-836 Malicious code in myads-layout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d196800be4de842ce4eb526181a86b7d78e5e3851954256a68d9cda3dab4a89 The package myads-layout was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in api-umbrella-admin-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f5afbcc650f7845d47544c5033aba92c5a2ab80d2e0d27e99437ef31cc6c249 The package api-umbrella-admin-ui was found to contain malicious code. Source: ghsa-malware...
Malicious code in elf-stats-tinsel-candy-605 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81cbef0d18c705f5e2d320ebbffd2ca291c82eeed7bb636c5a582d7388790185 The package elf-stats-tinsel-candy-605 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-48453 Malicious code in src_pages_list_index_tsx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 191404621c42806b5e14f38b5dd6674109c26eb03902fa54c23312ee369c6d72 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48313 Malicious code in vue-analytics-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6264af628cc0d76e732dffe05db10a0bd52bcffaad0549e986349c8fc542cf79 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-41280 Malicious code in api-extractor-lib4-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 659516491da5eda94919af0b09a941720c55632d3a7c3ced84c056da49b4e504 The OpenSSF Package Analysis project identified 'api-extractor-lib4-test' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
Malicious code in parabol-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74ca7b873b936a65f847ef390b0cbe34ceb97ba32b0153888623b60c61f4b335 The OpenSSF Package Analysis project identified 'parabol-client' @ 9.1.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in @0xzyo111/frontend-logger (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ea6fe9c933bc0a4ac656882af6f4662783f92087518dbbb253c351f60d44b63 Any computer that has this package installed or running should be considered...