Malicious code in @antv/l7-utils (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g-webgpu-engine (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2025-191424 Malicious code in shell-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec827763d5d35bb7fe06832d19091679dbafd7a46c4ac4891abf44bd656d2795 The package shell-exec was found to contain malicious code. Source: ghsa-malware 23f9910c5869fcb7ab6c5cc5c231c47e73e39735d9b9d1abf55109e19585f0a4 Any...

Malicious code in debug (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 558d1dda312e85212121f4ed15340349f780f5e40d6685c3687648bbb2924381 Any computer that has this package installed or running should be considered fully compromised. All...