MAL-2026-5108 Malicious code in cms-helpgit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb11c1d166cf4cf2726b7b89e77a41224b1abe19c6666ea0f06bdc06ebf967c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @redhat-cloud-services/sources-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5058 Malicious code in argpras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40083a8e3e772fd09bb0fca7791e87c2b3edfefe3ad7495b34899b6a54b2b077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5056 Malicious code in @trp-individual-investor-adv-disc/adv-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fc0ed55f4ec8a9ae7dd408c68635f245461c319bf4e7a0ca85adb25c9eb317b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwind-smooth-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5061 Malicious code in chai-use-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 941306dd3e5d860872f10c80f8e3acd59cbc3b3d0c7bb00e229442b3af273989 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in raven-i18n-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16965d1a02185ab8a7880951f6889127e66f0c1b3ffc718023ce2ac3593bffc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4858 Malicious code in @service-user-notifications/set_refresh_interval (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b13124f8eaabc2481894f69a70d43e10c28911bd5e2ef7e23716ae26b1113f5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in jsonlogbundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af7e3df4204ea4db553819eb10281c596a2eae07343d8143e3ef63b708881dce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ts-iter-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52fbece62de86bd0498245046503745a1c94d8be949096277c47cd4a01f99dcf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4325 Malicious code in ts-config-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 991f5b6f0d00ce1e267299db5a6e4d74717173d1548efb94d68345cb6c8f6dc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4307 Malicious code in chai-as-redeploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 561efeb17bac2ceeef18be78e8cacfef6651c10dd3a13f4fda7d94d79c85dd9a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4332 Malicious code in unique-string-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13681b6b78ec7996b99f0b0404fe78f1deb2235a379314856002f8f3ec02501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4321 Malicious code in motion-ui-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddce58f1bde22bf0563aee5f71aefe48c82ad61076557935bf8fff16eb9df3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4308 Malicious code in core-utility-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf63d686ef961c38d281d369f2f1b2cf4e2baf9c25f3e6a62672a9ac9b979963 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4324 Malicious code in ts-big-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9e88287cb64881d3f8f2e1705d8984d54c0a3147cb3740660afca913064042a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4299 Malicious code in @gbrlxvii/ts-project-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...

Malicious code in model-switch-router (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4226 Malicious code in tailwindcss-themers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091ab8da12c1de90002f159fc2db723d4c26b0bc66247c3278f4d07e159ae8c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in json-spectaculation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5666b784c76bbb0ecb504b52a7e70d17bfe910ad374f223e53deca3b57021278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...