4 matches found
MAL-2026-6547 Malicious code in react-editable-calendar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef4c5725bd98fb80c8dc59c58f68627b6a69aa4c4ae16d3f0c70c011895144cb package.json declares a preinstall hook node src/utils/index.d.js, but the published tarball's files whitelist ships only dist/, README.md, and LICEN...
MAL-2026-5743 Malicious code in environment-gate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80dc74c6c5240e9c146e476300b44582cc114cf1827319ba81d2bcae2d64c2cf index.js contains a commented-out line that, if uncommented, would base64-decode the URL https://www.jsonkeeper.com/b/VKUNI, fetch its contents via...
Malicious code in @mcpassure/mcp-anvisa-bulario (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...
MAL-2026-4645 Malicious code in prettier-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80a3bdd18c28c0c045aaed2a3e5725b3b38cb45bc9c16d0b795c4334caed17a5 Package name prettier-sdk impersonates the top-tier prettier package 50M weekly downloads, copying its README verbatim and forging metadata repositor...