Malicious code in styled-components-a11y (npm)

The package 'styled-components-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in better-styled-components (npm)

The package 'better-styled-components' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1502 Malicious code in better-styled-components (npm)

The package 'better-styled-components' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1530 Malicious code in styled-components-a11y (npm)

The package 'styled-components-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in styled-components-react18-v5 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66d52b4bf89a840fc85060c046eff8faa5d258a0e3d47a52abf3c7b522ca1762 Any computer that has this package installed or running should be considered...

MAL-2025-5462 Malicious code in styled-components-react18-v5 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66d52b4bf89a840fc85060c046eff8faa5d258a0e3d47a52abf3c7b522ca1762 Any computer that has this package installed or running should be considered...

MAL-2025-164 Malicious code in babel-plugin-styled-componentsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5912584dcf93c8e94155d4393fdc3cd508541ab1c09a39e8ac2d4c2d93667f09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in styled-compoment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16c83f145b667c0aea6b36d3009e7958a122f49e451f7e54d6c20e42437a72e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

be-iq_shared-styled-components (=0.0.26) potentially affected by unknown CVE via plugin-transform-react-jsx (=0.0.1-security)

plugin-transform-react-jsx NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on plugin-transform-react-jsx and may be impacted: - be-iqshared-styled-components =0.0.26 Source cves: unknown CVE Source advisory: OSV:MAL-2022-5373...