1930 matches found
Malicious code in nam-os-a-man (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...
Malicious code in tailwind-animates (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da1c506d3ce6cb8bac934a9b51e967b8c2965de414adb1193ba38a64934a78c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in ai-node-relay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae845382ff29756db63bf611b9b6bdbd49c44be3bcc8b283512e6590182ac48b ai-node-relay ships dist/index.js as its npm main entry, processed with javascript-obfuscator string-array rotation, 0x-prefixed identifiers, base64...
Malicious code in @mastra/vectorize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3388ddbcdb1a37e8cb864a2b4b8b7b6a1c7b3dcd00735a6f962f56432a9b0ab The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5957 Malicious code in @mastra/mongodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5945 Malicious code in @mastra/dynamodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88f1c319acc4591df560a402378efa8b10499f62c6014e785c983eed9c256a87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bbbf064d557b14369949349954c599a26dda8f1d99e99bc5528c4b94e99bffb The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in hot-validation-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in numdifftools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c6d98d619244a4f34ba9c2ed85023e35f4064b0a45871edac806d1e8cdeff11 The npm package numdifftools is an empty shell zero-byte index.js that exists solely to fire a preinstall lifecycle hook. The hook runs node -e to...
MAL-2026-5700 Malicious code in transportator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f40d878023c5462d17916a03d22d7c2e9e1573ab590f50532aa2e620e7a5a13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5673 Malicious code in zatzdbai (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sazka/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @marketplace-shared/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98933a5f467c2a623815ed46e5baf6838ba6e86e8055b48d4941da3bf59e5c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5664 Malicious code in @tribe-digital/shopify-starter-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d20022a66a46ee0bc6a944946691b3746c8e0262e00b90891bd6ef26519e8a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in swagger-express-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...
Malicious code in react-photo-views (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...
MAL-2026-5631 Malicious code in tailwindcss-animatics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b874b5b9324f64b8a30a60f2c89c8ea75dd40de7503a678c9d0e1829e53e8f01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @validate-sdk/v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e93b483fd9338717a984d2e695d44a5497cb4b2d1a91c0eabc160fbc6d6cd7aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5378 Malicious code in @doaction/signalhub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7bca1eff18553fad58ccd2097810887a61afc717b44a657c6674bfa7317bb41 @doaction/[email protected] is shaped as a dependency-confusion attack against organizations using a private @doaction scope. package.json declares...
MAL-2026-5376 Malicious code in @doaction/rrweb-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6efd52baa69926a32dbac2a3c5eb53c361935e9a3386d2893bf2d7506ab4dfea @doaction/[email protected] is a dependency-confusion / namespace-impersonation package targeting the rrweb session-recording SDK ecosystem. The...