MAL-2026-72 Malicious code in bignumber.js-new (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92c6e02327f14620207af4a5e1925c400b63593f1200b4741e6da6fbed98324b The package bignumber.js-new was found to contain malicious code. Source: ghsa-malware 28010a58702c96fe7985f5d14aa8012e5f51e93f658c9de605cbd3e7437e18...

Malicious Package

Overview bignumber.js-new is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in bignumber.js-new (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92c6e02327f14620207af4a5e1925c400b63593f1200b4741e6da6fbed98324b The package bignumber.js-new was found to contain malicious code. Source: ghsa-malware 28010a58702c96fe7985f5d14aa8012e5f51e93f658c9de605cbd3e7437e18...

EUVD-2026-1126

Malicious code in bignumber.js-new npm...

Node.js third-party modules: [json-bigint] DoS via `__proto__` assignment

I would like to report a DoS in json-bigint. It allows to cause denial of service using very limited input 70 bytes. Module module name: json-bigint version: 0.3.1 npm page: https://www.npmjs.com/package/json-bigint Module Description JSON.parse/stringify with bigints support. Based on Douglas...