4608 matches found
MAL-2026-2935 Malicious code in @tushar-br/desktop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25eb4a54e706177aecf51b4124524e6e7d0534b02d9b8e6970169a9df8189ef The package @tushar-br/desktop was found to contain malicious code. Source: ghsa-malware...
Malicious code in ethersproject-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b1c992cfad672d784afa83763c813b657de3834631b9dd92b6aaa7237e87440 The package ethersproject-wallet was found to contain malicious code. Source: ghsa-malware...
Malicious code in @rexorg/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a10d1a86c535852318ad135eca1236f436ad942657df6107d1e1e8a117faf42 The package @rexorg/config was found to contain malicious code. Source: ghsa-malware d3c7f7c6129d24b5a4ee9f95be492524854c16742b8b538f33972fea399c64f5...
Malicious code in svg-sizer-responsive (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a60820b0fbec756691b147e45ad8157501c307c7864249a6a7b112b5293846e The package svg-sizer-responsive was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2131 Malicious code in nemo-fpti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d59bda0a25d9b656075c91322ff0c7a8463b743465176a358265f7fb35710b98 The package nemo-fpti was found to contain malicious code. Source: ghsa-malware 7e5357f25ae0271690f061e93dc85be49cf6ebe3ccd0d09110524b0fcbb30ee3 Any...
Malicious code in pulse-feature-flag (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fad1549c9f60719931f740e56bfa68762b93275b97574f4d8d2c08aeedc71344 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2060 Malicious code in @emilgroup/tenant-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19565ad64d71448817cd4ad8fa924ac70de1832d0c158fcca37a70af0fe97783 The package @emilgroup/tenant-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2065 Malicious code in @opengov/ppf-eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9589ba5a93df27f74e2153118cf450e51df3df58d8c7abd8e4043cf28c0d8bf The package @opengov/ppf-eslint-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in xyzttt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bf8be86e9fbf67b0bd783470b31f222a90f7723388dac7deb1b168e658cf45e The package xyzttt was found to contain malicious code. Source: ghsa-malware f9a2092cb0041e877889c537a1e182d10e0fd642e2bcdb26daa6e8e8a2f7077a Any...
Malicious code in xyztttxyz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ec60812ab8ac06f92ad0543c7a16f930da49afbc1ca5e10e6cabffe3ffe1ddb The package xyztttxyz was found to contain malicious code. Source: ghsa-malware c7299da569fb2428ffb4bcb1641a07a7879e89460f46405e2257197a6f4fe2a3 Any...
Malicious code in hiagenttest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ea4b234d38909b534414ea6c060e079ef07575115b5e06919ad1778930e1c02 The package hiagenttest was found to contain malicious code. Source: ghsa-malware 30c4c5863aa45de206d3f6f50505fc89f13e2613c4fb62b80866030d74bc2df1 An...
Malicious code in @metaplex-foundations/umi-public-keys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48abfc0f902cd0f09b0c2ae7449eaefbf3b4baf1cb12e4165f509b86f7ad8692 The package @metaplex-foundations/umi-public-keys was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1444 Malicious code in graphql-request-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51 The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-wrk-wdk (npm)
The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
MAL-2026-1514 Malicious code in declaration-block-no-ignored-properties (npm)
The package 'declaration-block-no-ignored-properties' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
Malicious code in @sky-it-livedata-libraries/livedata-commons-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23622be0c1860486eed767780c0a0de0a46b5b0a736cd99a08ecba95fd57c411 The package @sky-it-livedata-libraries/livedata-commons-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1345 Malicious code in npm-builders (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c63391276857464ec97afe878e9a323907ccb5cc79486e5d11ce3078f2621e1 The package npm-builders was found to contain malicious code. Source: ghsa-malware 83c8c91b9b31b2f06c283e24505777cd3486a18286a6eb6a2f2b29ca2e6462e6 A...
Malicious code in monoping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8fd35713b7e196cf598a8c69f853a4760cc2a2f079ae9e51d3d5d62d33a954 The package monoping was found to contain malicious code. Source: ghsa-malware dac223c01f73149dee79551e85e5265a42c4093a91294545d780f6f86ac1ee9c Any...
MAL-2026-1299 Malicious code in monoping (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8fd35713b7e196cf598a8c69f853a4760cc2a2f079ae9e51d3d5d62d33a954 The package monoping was found to contain malicious code. Source: ghsa-malware dac223c01f73149dee79551e85e5265a42c4093a91294545d780f6f86ac1ee9c Any...
MAL-2026-1270 Malicious code in @wgu-edu/wgu-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26d12da6d55658bcd129c71b6cd484c74498f993ec35f2219f69b6b8018ccee The package @wgu-edu/wgu-icons was found to contain malicious code. Source: ghsa-malware...