502 matches found
Malicious code in sixseven5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ff6db681456253158f47c4b36f5d7aa03089ec629cd7d0b0246a9ab6c871efa The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in ishowfeet8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01f84766a048383d03dee0415d1cada0c19a19afd27efb5a76217e7333bed084 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-6832 Malicious code in competion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7977f7cd8dcf35f17c8745de465b35f920055be22dbb883dda7abf2e978ef0e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6652 Malicious code in @webda-infra-ui/static-images (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e3a5a5b3cabd78201cf327847094e9dab8bfcee7452d7665151ea8ddc75d93 No suspicious behaviors were identified in this package version. The tarball contains 2 files with no lifecycle scripts, no network calls, no...
MAL-2026-6626 Malicious code in @hg-aka-prml/tapas-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283140e8754f9cdc894794ae19307cf6235508d8f8cc75d97b900c1469d9393 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6627 Malicious code in @huobi-ui/activity-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2dc07679f0c801fbb465a2502687e29ed687871964c5d84c0dd5f2b7f94e8ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pvd3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c992d4bd87c36aa389d168c263ca0b89c04b425b0483217ae1098a0c2f3ee10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6336 Malicious code in sync-external (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...
Malicious code in local-ip-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5741cea5f57c51246c2944fda4ecf601f191b482e5c6effa22b640f8701a00e8 index.js imports childprocess and calls execSync with bash and zsh lines 301 and 317. Without further context, it is unclear whether these invocation...
Malicious code in node-core-libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...
Malicious code in @mastra/pinecone (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5fe167a290de09771a13ca4a40df0709c0351a576d7515d2279d6697717ce21 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/koa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e8ae2c317dbb57c6a85b0bea50cddd76d109cd8ec802bc646df6c514d91bcd The bundled output at dist/index.cjs:212 and dist/index.js:210 contains a Buffer.from..., 'base64'.toString'utf-8' pattern. Base64 decoding into a...
Malicious code in @mastra/mcp-docs-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 477f5b90c17486d7cf04f5aa840c94a66509022040515038a955e610a31c88e4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b30eb1bb672113816f02b78c98eb64ed613f49acdb94a706c7abf2418670f31 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in um4r719-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53f1c2a49e2308c20e21386b89c058c6acba9105dc484912cb141d7e8a1881b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5691 Malicious code in ecto-spirit-win-k4n8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8082c12f69dfbb45e83017fa0baf4f88f9500649dd443e80f2d7d4f858020814 The package ships a postinstall.js that imports childprocess and references HTTP GET and hostname operations. Without traced-code corroboration of ho...
Malicious code in ozone-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a208d054d164fa8fb82cafe470c99be244c6a911aed15ecf2f1546bc10cbbc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @doaction/rrweb-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6efd52baa69926a32dbac2a3c5eb53c361935e9a3386d2893bf2d7506ab4dfea @doaction/[email protected] is a dependency-confusion / namespace-impersonation package targeting the rrweb session-recording SDK ecosystem. The...
MAL-2026-5102 Malicious code in @ewfewfewf/testhackerrr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47e70cb260a34952bd8dabf1cbb510efbc9072e3d809a03deec32a70745e4d3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4303 Malicious code in auth0-common-telemetry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f3c3552f34433514fdec16e709163cc2f8aeac595a66544d9924a94e46a01fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...