126 matches found
Malicious code in ishowfeet11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35ad3f426377de0f1898ef51d148062669bd91d3cbae08ffe620af8514fde41e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-6925 Malicious code in typescript-base58 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b860a9c4960f55c236ca5e14781f5dcfb60752d4367cb9aeb30762d3b023004e [email protected] is a one-line re-export of the 'base58-core' package. The README advertises 'Zero dependencies' while package.json declares a...
MAL-2026-6873 Malicious code in router-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f60a60e68f645bffe7eb5e137979aa6fb6c535c53ee6e13a9fcf01951eb05b55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/e2b (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4951048ee56bb5e6a99f08e3c467615532d3c136918ceb9143cf1934ba4be370 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5939 Malicious code in @mastra/ai-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98257d70b56e46a3dcd690478b15c54fb55c270db969b777c0cb42bec21ace37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5846 Malicious code in prettier_v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52d6c46e6d7e7ba0269dbb3d9725b5943d1b4b94ac2587a5738983cb93d8e1cf Package name 'prettierv2' closely resembles the widely-used 'prettier' formatter package, raising typosquat concerns. The file lib/mirror.js contains...
MAL-2026-5112 Malicious code in @redhat-cloud-services/eslint-config-redhat-cloud-services (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-3522 Malicious code in @uipath/access-policy-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87fb4a7ca8257b97a21e311c9322a63b2691136e87c6a8ce12cc648890849f76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3491 Malicious code in @tanstack/start-static-server-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @bcs-mi/store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...
MAL-2026-2589 Malicious code in @mx-shared/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80722921f3ba7863b8f28031aa4edf777ce8e270fab10bcead75016a286cb125 The package @mx-shared/utils was found to contain malicious code. Source: ghsa-malware 30ead10eaa18cee42152061c23ee9a84c465e687911f78dd1ae0c613f1c2b1...
MAL-2026-2045 Malicious code in @emilgroup/customer-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ffdd49f845d5d16e6b17778217c493abdb71d809aa288b93b59e69582119c91 The package @emilgroup/customer-sdk-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in supplychain-security-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2655712e00f8c5bf90b5a945bc60c2fd3c109d2719ec7b161114f86343741ee1 The package supplychain-security-demo was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1529 Malicious code in require-in-package (npm)
The package 'require-in-package' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1343 Malicious code in chai-as-flex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...
Malicious code in tailwindcss-animate-framer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1134 Malicious code in ts-big-number (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...
Malicious code in torbaileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e4b08c935365c992a67e45fd75888de1262836188ca5a0246ba4bae988b713 The package torbaileys was found to contain malicious code. Source: ghsa-malware 477238eba8ca0f2c24ebb88b73089608a73fdc363b248e404b66acc829c0777d Any...
Malicious code in yunxohang10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5afa709f3be67acbb1d69b61e6897f6743d7feb8f9cb31e8b0109223c403858c The package yunxohang10 was found to contain malicious code. Source: ghsa-malware 5d4bc174ce0500df2bcfb0be9787d728083db08a933b9eb56bbe52e1cf37bfd1 An...
MAL-2026-171 Malicious code in amdocs-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a6af3ffb67d97ff5a166cfa06c9dc841eab5d736ffbbdae5f3a693d7845be2 The package amdocs-core was found to contain malicious code. Source: ghsa-malware 19cbd66c5d36a7bcc61d3202596dea181a2782d867db3ea2cbb0e322f01b99db An...