Malicious code in ts-wross (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42dae43b7ff77748f10ae5faf6d87b7d63552e5629a37c931ea2c0de3539b469 Package is published under the name ts-wross but its package.json claims authorship by Michael Mclaughlin [email protected] and points its repository...

Malicious code in @mastra/memory (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92f78b0ff07c91489b166d3ba2d6d7405f35c26a8ba156d4f920d5595c3d0f67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6007 Malicious code in @mastra/client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22551bc03157cad1fefb8af44f3b14c9fe9e892c083eb904e512007015e72f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in create-mastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12df16ee90f6c59f31e4b0b71f2dbf3a0b046e17ecae5e13399b69fec9f3c563 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/clickhouse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0340e0357954273b020b5db0242f8b065276aef9e697fd85f0598bea219abdf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/fastembed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0da5948a94944695bcec24b99ac8a6b9ae7f5f31e8407f8c731379a6fda79c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5848 Malicious code in slow-surf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f66d2ad1de3674c7aa5dd5efdb00624f0d1ff7f6f1ed38f054e6ca018dea673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5686 Malicious code in ecto-corsair-flag-x9m4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd1e74d04f91a92c7c0205e252bc0002095d0c1ce9b9e9390083d267422e8b10 On npm install, postinstall.js executes attacker logic gated by hostname and working-directory checks designed to fire only inside CTF-style containe...

Malicious code in ioredis-typed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bd3dadb6d1e5369a82a26b784f5d557e289158636cdf678333f9deef05dd996 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tribe-digital/shopify-starter-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d20022a66a46ee0bc6a944946691b3746c8e0262e00b90891bd6ef26519e8a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fed-callnative (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3971b7c0ac52c7cb668a8147d9774cb0f7a0b4e0bf04a59a6b55426f9c84fcf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5652 Malicious code in theta-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbfa69ed41fd4cfb88637f2f5765174105f8c4eb42d4f433fdd05d642e664fa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5634 Malicious code in react-photo-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...

Malicious code in tailwindcss-merge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e379cbf2d39f386221b7e0896b9331c7a52dc62a74bee6ded47962a77074b7 Package name tailwindcss-merge is a one-character edit of the popular tailwind-merge utility, and the README documents it as a drop-in import ... fro...

MAL-2026-5626 Malicious code in rate-limit-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5633 Malicious code in typeorm-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...

MAL-2026-5583 Malicious code in emittery_styled (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f21dd8eb533d5ecf0c5123429a9cc453f24eb9426a6cfadcac5c2d299fa5a23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in solc-abi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5ecbb6619ae13314417faab35b315155c9a55f98dfdb707fe44edfe1f7e7356 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5495 Malicious code in @solana-launchpad/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f311ca65e1dd4812e0b9812be713108a676a6f25c8d48443ab93a97133447b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ethers-jss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 56bf62c882d62bbb9bacc402f0f25f48e12b878ff454eda013fed56dc61db42e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...