19 matches found
Malicious code in ecto-rust-read-f3a9c1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e73d10b993d9601d0dfe78d143a550ed008b8233beb8b88b7443208e4d0fa89d On install, postinstall.js evaluates a targeting heuristic isRealTarget that fires only when the build environment looks like a real corporate...
Malicious code in tailwind-effect (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a340be9809f1baa4f0e0ce64286a7d9266ccb49cd82fae68f5ac02b50e193a5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @rsi-community/hub-client-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1809bcf5bcd98744f995fb8ad94581a2708daa99f40bf4e4d563e17c5c81b4b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pear-wrk-wdk (npm)
The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
Malicious code in sign-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e300b5f52fc165080a7c0a9eee170ee453c31a0419dc65e004a64b0749b699cf The package sign-client was found to contain malicious code. Source: ghsa-malware d46bf80205dc64dc9e6d65d1208f0b6e1a978d8dfdd555fbb2c9eb31805df69c An...
Malicious code in redirect-iocz0a (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad74b3db117b60fc0bbc25bfe553def04f2261766313c4b245c4c88c657d1573 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pahtkit-wasm (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3e76975e429f523a3fae3ff739755780b9f6f01a170517550cf8de743a585a8 Any computer that has this package installed or running should be considered...
Malicious code in axr-smart-contracts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6f40c0f14910689109d5feee0e22e6d1c1ce158eea34d5d4f95e7209c5dd425 Any computer that has this package installed or running should be considered...
Malicious code in golanci-lint-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e69962c9a060f9d61253d944cc7c3573debc57053555bb4dd496618bc1b6510f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/aspernatur-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2db9352ce5aeccd44ca3b1ffcae6aca686f8859bb9797ca54c770a8fa6700815 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/quia-harum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36e96c5096009919782abeb8222b712a4cd7bc67592838577c9bdfb7fc4abd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @leanmull/ldb-decryptor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d4e66532be866fa2974fbd1653c75fa4bec095ad78503c70b153fb75c8445a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v230 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 613f81ad818ec478f7e4a2a77132dc5017bc269007bb38a1239517498931711c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in 0supportscolor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c430a61fb64569c2e4ee9d61d852f0189d613b8a916487edce0ba29c2ac69e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @igraal/web-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b528b8b8df766627a5ea305e8e4a7cad961d3e3c5e367b6c4c6510e37238f6d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in odgikqtuwcmvhpzn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 849e604c2ca9c89c0da2b89856fd4d8a4bc562b85dd2f5ad90b37c46e5aaadc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in epic-ue-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42ac396111cdac73dc3a39c9ae1f531ba8418435a8a6ef8e7c093d9243ca682b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in thesis-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8878bca276c410b3043886cc4e1292d4991c909a98078d879690ac7c2671a1ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @logistics-frontend/client-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ec68c4d34cf87350cff78bf89af4256fe327563a079c07c24cc75114db204ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...