682 matches found
Malicious code in chai-as-persisted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...
MAL-2026-6544 Malicious code in chai-as-persisted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...
Malicious code in chai-as-assured (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd28efd7a3d07f87ec22556cc25a8c07117fa4cdd237c6cb1db750c976a11836 chai-as-assured impersonates the popular chai-as-promised package matching README, author, and API surface. When the exported plugin function is...
MAL-2026-6532 Malicious code in chai-as-assured (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd28efd7a3d07f87ec22556cc25a8c07117fa4cdd237c6cb1db750c976a11836 chai-as-assured impersonates the popular chai-as-promised package matching README, author, and API surface. When the exported plugin function is...
MAL-2026-6218 Malicious code in chai-as-attested (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...
MAL-2026-6220 Malicious code in chai-as-uphelded (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa7f5470790594e55393048fee0e7a9e6e6650776a06717258e410292d4dc8a9 Package name impersonates the popular chai-as-promised library, but its package.json description and keywords masquerade as a pino-style logger and a...
Malicious code in chain-chai-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...
MAL-2026-5908 Malicious code in chain-chai-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...
Malicious code in chai-as-tokenized (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485 Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...
MAL-2026-5902 Malicious code in chai-as-tokenized (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485 Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...
Malicious code in chai-smart-assert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44c476c94a62f5a3949ef8e6173aae3a6fa9b4411d7b157d06ea96835fbf258c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5843 Malicious code in chai-smart-assert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44c476c94a62f5a3949ef8e6173aae3a6fa9b4411d7b157d06ea96835fbf258c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chai-utils-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...
MAL-2026-5748 Malicious code in chai-utils-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...
Malicious code in chai-web3-testkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...
MAL-2026-5699 Malicious code in chai-web3-testkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...
Malicious code in chai-net-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f4bb3d7abae3be57c7521b84016b6484d4c21bd2898fcde043d376513cf1e chai-net-test ships a remote-code-execution dropper behind its public chain API. When a consumer calls chain... the documented entry point,...
MAL-2026-5607 Malicious code in chai-net-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f4bb3d7abae3be57c7521b84016b6484d4c21bd2898fcde043d376513cf1e chai-net-test ships a remote-code-execution dropper behind its public chain API. When a consumer calls chain... the documented entry point,...
Malicious code in chai-as-victimed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...
MAL-2026-5605 Malicious code in chai-as-victimed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...