MAL-2026-5957 Malicious code in @mastra/mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5945 Malicious code in @mastra/dynamodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88f1c319acc4591df560a402378efa8b10499f62c6014e785c983eed9c256a87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/libsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae3d2946dd7a5ef81d52da321aac5fce8fe40c59a844491d6e6a07c1c84b08ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hot-validation-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in numdifftools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c6d98d619244a4f34ba9c2ed85023e35f4064b0a45871edac806d1e8cdeff11 The npm package numdifftools is an empty shell zero-byte index.js that exists solely to fire a preinstall lifecycle hook. The hook runs node -e to...

MAL-2026-5700 Malicious code in transportator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f40d878023c5462d17916a03d22d7c2e9e1573ab590f50532aa2e620e7a5a13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5673 Malicious code in zatzdbai (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @sazka/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @marketplace-shared/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98933a5f467c2a623815ed46e5baf6838ba6e86e8055b48d4941da3bf59e5c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5664 Malicious code in @tribe-digital/shopify-starter-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d20022a66a46ee0bc6a944946691b3746c8e0262e00b90891bd6ef26519e8a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in swagger-express-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...

Malicious code in react-photo-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...

MAL-2026-5631 Malicious code in tailwindcss-animatics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b874b5b9324f64b8a30a60f2c89c8ea75dd40de7503a678c9d0e1829e53e8f01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @validate-sdk/v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e93b483fd9338717a984d2e695d44a5497cb4b2d1a91c0eabc160fbc6d6cd7aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5378 Malicious code in @doaction/signalhub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7bca1eff18553fad58ccd2097810887a61afc717b44a657c6674bfa7317bb41 @doaction/[email protected] is shaped as a dependency-confusion attack against organizations using a private @doaction scope. package.json declares...

MAL-2026-5376 Malicious code in @doaction/rrweb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6efd52baa69926a32dbac2a3c5eb53c361935e9a3386d2893bf2d7506ab4dfea @doaction/[email protected] is a dependency-confusion / namespace-impersonation package targeting the rrweb session-recording SDK ecosystem. The...

Malicious code in chai-as-minted (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @redhat-cloud-services/types (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in @redhat-cloud-services/frontend-components-remediations (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in ethers-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71fb8c3fc53908b6c1f910ca98b3940ded0c9acc55112925833e60a64816510d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...