Malicious code in @immuta/flag-providers-web (npm)

Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...

MAL-2025-48690 Malicious code in hyatt-avatar (npm)

Package collects system info and sends to untrusted server, plus suspicious install scripts indicate malicious behavior. The package communicates with a domain associated with malicious activity...