Malicious code in chai-as-minted (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @redhat-cloud-services/frontend-components-remediations (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in @redhat-cloud-services/types (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in ethers-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71fb8c3fc53908b6c1f910ca98b3940ded0c9acc55112925833e60a64816510d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ota_web_admin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2724185590a9671481ff3ac84c4046cb7b1841b78c7872660ff5ddf32fc21309 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in foundry-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4855 Malicious code in @service-suppliers/set_suppliers_loading_start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b90557d314c93e20a5e2c0e307eb25f28e9e17cb31c630a6ae64b1ce8fc8013 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @polka-ui/configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebba90c019747402643a8d0056cd96101fe56feb8e9a4e14eb86cac2274def82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4840 Malicious code in @bcs-bank-complex-ui/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @gbrlxvii/ts-env-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a87c7356d89cd5eab9c271d10f1a74e288d09e5cf9333a9ee102ef8a532b31dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in auth0-sample-dus-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11085e4f685d863ed2e5196febd3ade6b5b64e18d19bb57d779d04e27a360df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in node-setup-helpers (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4278 Malicious code in llm-context-compressor (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4249 Malicious code in truffle-config-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook package.json line 13 issues an HTTPS GET to...

Malicious code in ganache-cli-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 144bbaf975156b3114f5526a7e9a8ffbe8eb411a541c7e457b7bf444200a02c5 Package name impersonates the widely-used ganache-cli Ethereum development tool but ships only a 138-byte index.js stub that wraps...

MAL-2026-4240 Malicious code in ethers-multicall-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748 On npm install, the package's postinstall script spawns node -e to run an inline childprocess.execSync that curls a binary from...

Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60192fdff4e24c7d8a8a8feebf26b8aa9408dacbc59475649335e0efc03969f6 The package dowloadebokcomoleerelfutbolbyruudgullit8qd97 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3796 Malicious code in dowload_ebok_los_enemigos_del_comercio_by_antonio_escohotado_6t2l4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ecb449c7c0f418834fbc3e22c6d061ef50d4d6bdbb1e40d19fb85023be2be5f The package dowloadeboklosenemigosdelcomerciobyantonioescohotado6t2l4 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3733 Malicious code in mrgn-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60e708a2cb4de33f208a93fda6aa96871b522adaa504f529cd1424a802b76b83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3656 Malicious code in buffer-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44f072eff9ef90a204331ae1a03c5c4296929dbf88a05fff1a529e397548421a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...