Malicious code in check-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea848e496c2022409208a3e4a7d9b364c9437699a15554a5a1ee953d4428f230 check-ulid is a typosquat of the legitimate ulid package README is copied verbatim, homepage and bugs link to github.com/ulid/javascript whose...

MAL-2026-5844 Malicious code in numdifftools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd4954558bd423a9adc4cee0b684f36395b22e0f539d7434f93d9297c5430aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5690 Malicious code in ecto-spectral-leak-8d4e2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...

MAL-2026-5673 Malicious code in zatzdbai (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pui-diagnostics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @osamdefeirrighs/testhackfrrferrr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc1c3467aded71e3ee2e4dbb16bac4d9257a03410188ea98624a09a4263825c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5131 Malicious code in @redhat-cloud-services/sources-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5048 Malicious code in @cplace-project-planning-fe/cf-project-planning (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 092bbab646c6ffd8575fb87711545ad5052a18b9a78c3a70fccbecf8fbe5619a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/set_suppliers_data (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0469f2493e0faa6db2b4dd70c85c58062f538457a60d4d4b77b44c861f665665 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4250 Malicious code in wallet-backup-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3537e19be49ba9b1222856a7df147f5751a129e0b9eac69158467e21c0a1755a Package presents itself as a 'Community Security Alliance' MCP server for verifying cryptocurrency wallet backups, but performs three concrete...

MAL-2026-3520 Malicious code in @taskflow-corp/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e305906fa9a2ce7ccc0318baa5c5d7cd13bd021623fec9701e1841d92ab00e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3452 Malicious code in @squawk/procedure-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fca1f05eea030fa48afc7e6e8bb177abb0f73793f376dbb7bc4e2d8a2a16a1d The package @squawk/procedure-data was found to contain malicious code. Source: ghsa-malware...

Malicious code in @tanstack/solid-start-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4905d7bb1a4d6f69ec73fe4cc8fa958262fcab1397fed5725ac39db447f6239a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wagner-horizon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97421ed33bbba9349de85dd7f575a7c761e70226645a82545378e6e412d3515 The package wagner-horizon was found to contain malicious code. Source: ghsa-malware c1c6c42ada769c8af91fc0c7c7212a759d8138cd9f5c4af4d5b736d8f879c154...

MAL-2026-3167 Malicious code in apple-infra-stealth-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62019b469ab2852a4c8a4453043d5452768c2ac046ad1dc258366eac98de24ac The package apple-infra-stealth-audit was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3164 Malicious code in chai-as-char (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0beb7aa3057c2e6c31e9bb9074f8ac71d5b2ad3a9f65761c0131816ab4bdb8df The package chai-as-char was found to contain malicious code. Source: ghsa-malware e12e1d019bed1dd99212206b54a611003e75acc13943eb13c8ab63cd388adc83 A...

MAL-2026-3165 Malicious code in chai-as-redeployed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2e2a156e4adadf2466c1ce0f0501539ea4bb3306edd9b2c97109326a9f94f3a The package chai-as-redeployed was found to contain malicious code. Source: ghsa-malware...

Malicious code in claudcode-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88f4d319ca32cad5bc9a2f83d4b1b64c39f2d1e75f2fed26cc1172d480891b69 The package claudcode-mcp was found to contain malicious code. Source: ghsa-malware 65a350de7c4fa0545fcd3fa1439e9ea34afa50e5237688032de7bcafeb071ab0...

MAL-2026-2941 Malicious code in npm-doc-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8ae6448e13630c5243e98e1794e9b2f57b0e999d4c31687f0db0f1665496f9 The package npm-doc-deploy was found to contain malicious code. Source: ghsa-malware f7938c30cf6da645723648c4c43979c97d7c006933fb24ccab60154f1cc5d084...