MAL-2025-3788 Malicious code in f0-flow-resolver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c42aceb0889ce5fb0fad4c698354a5a1df80d9432c36717c49a273f233cc9cf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3797 Malicious code in node-event-listener (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ace3ab879582927c692b2b5cc3006afb79d6853935e6feb933e544a35260ed2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3789 Malicious code in aiide-cur (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f87105b04445846be4b509793882c19f03cc302b5a62c868a7f5bc603d6ca1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3748 Malicious code in @myop/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cedbfe96e39f9d1720d4568325348b54f9806c883baab188675958573a2f34b Withdrawn Advisory This advisory has been withdrawn because @myop/cli is not malware. This link is maintained to preserve external references. Original...

MAL-2025-3777 Malicious code in zksync-root (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0af13565b82b48cb80a58f21db293bbef9f5ef83e1c4fdcf67534110215bab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3763 Malicious code in frame-minter-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware edbfd183462b159a20b8cfbbf493357ec40a76dc283c070eb9a9dfb8e4f172fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3739 Malicious code in gear-idea-indexer-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e4383fa116dab4a076fef8694ef177acb72f5e46038222fdc48e6339dc84a6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3734 Malicious code in com.unity.robotics.warehouse.base (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c888bbc76a87698356b86c72559a95c4a77dd4440e06d6ccb1423ae2aab3bc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3711 Malicious code in @phone_base_ui/base_call (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9aab6d4f24fd03ee2b4d79a09c130b16c81828aaae5459a60b22282460bdd1a6 The OpenSSF Package Analysis project identified '@phonebaseui/basecall' @ 99.9.1 npm as malicious. It is considered malicious because: - The...

MAL-2025-3689 Malicious code in internal-lib-t1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0656cbf9afeeae51e03fe153910e1dad3a3840f219effb0583665acdfefb34ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3691 Malicious code in log-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 931fa544f576184bb148710757dc77752a974c0fc3d3e1f29f21a416e845c06b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3686 Malicious code in glance-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee4efe6d4c135136464de1f7b7b933c547869de8b71b6f645fedf3afbe4f5356 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3927 Malicious code in world-id-discord (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17c2aa40d0cfe3dd971a7de35ba8d570a70d3b34f516dd5d69eff3bd7309bf96 Any computer that has this package installed or running should be considered...

MAL-2025-3923 Malicious code in ui-cluster-driver-sks (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df8e83da746ac6e7cd3a4ea82d15ef6dc513b4f6be89b8c2bb9668fc80efe38 Any computer that has this package installed or running should be considered...

MAL-2025-3698 Malicious code in substrate-faucet (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c694048c1a8c1f3c9b8f183f75e0a9464e084cdaa8fc58c9a770190c4ab4824a Any computer that has this package installed or running should be considered...

MAL-2025-3561 Malicious code in customprefix-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af67fc99b5f6993bf42c27c8c407c6bee3e97d0f412d03ab30533470b86339d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3571 Malicious code in mymte2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc861b79eea3d82ab6dc25824fb7dad325622a6cbe4012fffe07ad7c198b4a73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3497 Malicious code in jd-npm-com-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f205097feb67db492d1ce42f141278ef445cb7792b8c530f866eb0a837e6d47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3387 Malicious code in dowload_ebok_a_bela_e_a_fera_by_elizabeth_rudnick_evan_spiliotopoulos_stephen_ch_9ooey (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf3075ed01e988b75ffe573ce85b459ad0e7a1f3a4811aeff563b24af9d9ee54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3388 Malicious code in dowload_ebok_englens_spil_by_carlos_ruiz_zafon_iben_hasselbalch_lqvq8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a13704c12e7e39594e32a2fa929139780659e502c52a16c0d1e57c897b561c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...