3 matches found
CVE-2026-50021
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...
CVE-2026-50021 pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...
Malicious code in cici-ketoprak32-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4ffc9074c0d0e217926727cd27d0771a05956fe896e122a3e3dc367a73aaaa9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...