Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@zapier/babel-preset-zapier (>=5.0.0 <=6.4.0), babel-preset-zapier (>=2.0.0 <=4.0.0) +1 more potentially affected by unknown CVE via @zapier/browserslist-config-zapier (=1.0.2)

@zapier/browserslist-config-zapier NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @zapier/browserslist-config-zapier and may be impacted: - @zapier/babel-preset-zapier =5.0.0, =2.0.0, =4.0.0, =9.0.0 Source cves: unknown CVE Source...

EUVD-2025-198781

Malicious code in @zapier/browserslist-config-zapier npm...

Malicious code in @zapier/browserslist-config-zapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5146756159d44339572781661307fc36bb08adb636158ee54628f774506ae47 The package @zapier/browserslist-config-zapier was found to contain malicious code. Source: ghsa-malware...

MAL-2025-9664 Malicious code in @wisetail/browserslist-config (npm)

The package @wisetail/browserslist-config was found to contain malicious code...

MAL-2023-1512 Malicious code in browserslist-config-usaa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f08f5ede6b0f56a4b6366c22c4622d7cddc43a2d689f021f8a179e72c2fa6220 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in browserslist-config-usaa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f08f5ede6b0f56a4b6366c22c4622d7cddc43a2d689f021f8a179e72c2fa6220 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @roots/browserslist-config is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

Malicious code in browserslist-config-freight-trust (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf366bc353ddcabf5a3692641c29f85b696be961bd78264a847de2ae63fd0043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...