242 matches found
Malicious code in sixseven8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec482cba13f20090fc306d9a8c732ec4edbc8bb9326324f7dedfb544ad0d9a11 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in abuden1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366c27a7f56562405e9af37dcb6a78fa8f535af50e9ecd68ec559fbb1f80f5d7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-6740 Malicious code in decode-sdks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 645d703f4bbd5a7aedaa60a60b7d20af253d4da8efaf82cbac3520a8f21d67b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6726 Malicious code in db-convertor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7480b95a12688a84f3efd3d4c5c8a82c5c761f1f462eb22201f4385fb9bf691c index.js defines a method queryDBConnect on the exported DivbloxDatabaseConnector class that base64-decodes a hardcoded constant HASHKEY to the URL...
Malicious code in db-convertor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7480b95a12688a84f3efd3d4c5c8a82c5c761f1f462eb22201f4385fb9bf691c index.js defines a method queryDBConnect on the exported DivbloxDatabaseConnector class that base64-decodes a hardcoded constant HASHKEY to the URL...
MAL-2026-6725 Malicious code in @modhamanish/rn-mm-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafa948cdfb9fda0d33e923e0e352a384adecfaaab1ece9a20b1b645c1b58ae6 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6629 Malicious code in @lexisnexisrisk/insider-threat-platform (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dae189d0977c5458ccfe6ac903cf5014acf0e73277c22ad68edf683813066398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tw-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc430da42cdbbb83b681be645a2bbc3f3f2a48e0e19d9d3624b4b3e6f9aa7e92 [email protected] was scanned and produced no findings indicative of supply-chain attack behavior. No install-time lifecycle scripts performing...
MAL-2026-6283 Malicious code in new-ecro-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0826d146dbc513ac14f403eaa9ba65dffbd04da52c55ff1840ad153dab96e87 The package publishes verbatim big.js v7.0.1 source including the upstream copyright header, README, repository URL pointing to MikeMcl/big.js, and t...
Malicious code in ts-numbering (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa4527431d4606a2360de6e24717f43f7053fc7d94f2f57ac5278a5676f06b4d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6013 Malicious code in @mastra/cursor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a20d5cfabc08a156c36f4febc9204bc1303600106f54ae320b9bfcac7967ca7f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5851 Malicious code in epm-service-module-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fd918cea189b1bc56c3747261e190b331708c8dc3e799d144e95c33c0ebe3c0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5665 Malicious code in @visma-net-platform/module-navigator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d9c86b2942a6a62e08900c1c60743e4cec865cc0a439db8d8e6a0509d187b6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5504 Malicious code in @easytipsportal/pos-adapters (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5508 Malicious code in martinez-polygon-clipping-simul-dalton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc17081752344fc57ebe6468de5909582aa81fb2957e605ee81aa46252150a0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in solc-compiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db07dc6d910303b81dcfab09279484fcfa83409addff755a29d58b1d0dff495 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in csc154-internall-depend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 468d4fe797c3be3e29ea6da37c1b04112162bd349f7aea270cdbc4ba929d945d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5268 Malicious code in ulid-os (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e3976f115506c13c7fae459afc6ad381e64043c4b8ca394a115763baa3d182c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5110 Malicious code in jingmeideshishi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe45a0c6c68a7c9bff9135ecd725baea4558380b10e02e2ed1670f20146d6633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @antoncallahan/aws-user-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...