MAL-2026-5438 Malicious code in corporate-front-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26a235f294aacb3800465f89db0f33ecb54f09da450ee98543f8b039249fc12 [email protected] is a near-empty shim index.js exports an empty object whose only meaningful content is a tarball-URL dependency declared i...

Malicious code in page-info-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9314c597c5023f198b20ebe47d09cf929d8e252e27f60928a3ab73dbe77de8cd [email protected] ships an empty stub index.js is module.exports = with placeholder author/description metadata and an unusually high 99.9.1...

MAL-2026-5153 Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...

Malicious code in sorenson-webfonts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d45b3e803fc04f697e067f5dfbc9a9c37878d1b7faed2ad4aea69dd9bed25c32 [email protected] is a hollow package: index.js is a 2-line stub 'use strict'; module.exports = ;, author/description fields are empty, and th...

MAL-2026-4827 Malicious code in unleash-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3315b3ff9fe481a7a008cff1227c2449dd8762bdf0abbe1a6194954306c745d [email protected] is an empty stub package index.js exports , 35 bytes; no author, no description whose sole effect is to pull a chained dependency...

Malicious code in unleash-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3315b3ff9fe481a7a008cff1227c2449dd8762bdf0abbe1a6194954306c745d [email protected] is an empty stub package index.js exports , 35 bytes; no author, no description whose sole effect is to pull a chained dependency...

Malicious code in wm-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 380f281f71ec04bc9867a9b12d46852936494de6d2be3df55b1422bde2f5f01d [email protected] is an empty stub index.js is 35 bytes exporting , no description, no author published at an artificially high version 99.9.1...

Malicious code in @citi-icg-171632/citicms-repo-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 88e5400167d9962139f78098013ac4e5eadeeaa76b8916ba246c5f6b2093f508 The OpenSSF Package Analysis project identified '@citi-icg-171632/citicms-repo-component' @ 99.9.1 npm as malicious. It is considered malicious...

MAL-2026-4464 Malicious code in @vtmn-play/react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e407217116bd1ae3eb89ce8631eae8299f5acd924409d33f141ebddc4489145 Package name @vtmn-play/react mimics Decathlon's Vitamin design system @vtmn/react and is published at version 99.9.1, the canonical...

Malicious code in @piewasm/pie-web-npm-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...

MAL-2026-3331 Malicious code in lazyhtml-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45abfd9582509b7e6ded4a7ce678a25aef82365186bba18330d6f76f1cf3c5ea The package lazyhtml-scripts was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3215 Malicious code in archetype-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6fb5b405c9035099932e46f80bb6fe9740d3f727020700cc1e6ad36db2caf8 The package archetype-style was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in archetype-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6fb5b405c9035099932e46f80bb6fe9740d3f727020700cc1e6ad36db2caf8 The package archetype-style was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @oec-settlement/react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4beeacddc1773c8aefad734c472151284b868e3a06f4be8886763a0caebb121a The package @oec-settlement/react-router was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2978 Malicious code in @oec-settlement/react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4beeacddc1773c8aefad734c472151284b868e3a06f4be8886763a0caebb121a The package @oec-settlement/react-router was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2956 Malicious code in @serasa/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a5d7dc70207045632b443597fdca880203a20b38f5999520fe5c437ca65a496 The package @serasa/core was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2856 Malicious code in @ataslkit/profilecard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8efe1bf5f3d6ed3259b1ef3d48d73c3fd6368a50097725968869b551e73f828a The package @ataslkit/profilecard was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2566 Malicious code in wm-plugin-visions-recorder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9fc7d1b94e873a6acaa539c03b3deb578141de07e79343acb659b17d4815077 The package wm-plugin-visions-recorder was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1002 Malicious code in newrubylogger (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d10fd2e8adb621ac6bb3b4cd31357213d90dd17f27cd1f01d5e8e7138686d7c2 The OpenSSF Package Analysis project identified 'newrubylogger' @ 99.9.1 rubygems as malicious. It is considered malicious because: - The packag...

Malicious code in test343tttt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 14a83c7be6d241a79ccd6f23880afa83b749ac59232786eaab03a62b2512c9b7 The OpenSSF Package Analysis project identified 'test343tttt' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...