399 matches found
Malicious code in ratelimitsucks5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1a8e8337f9df3011cf32fbc4bb478d960681df93aaaddfdec39034a123a9b5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in @vite-ln/build-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8972bbfdd55ad200dd49b08501d7391beca99841f0c36479806f2b1e329950a2 Package @vite-ln/build-ts copies the legitimate vite package's manifest verbatim description 'Native-ESM powered web dev build tool', author 'Evan...
Malicious code in nuxt-fonts-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6ede5024b6ee71356eedb3dfb3bb648682901bf6b966bbe353daff6082ecc85 Package ships only a package.json and a readme; there is no main entry, no bin, no scripts, no dependencies, and no executable code. The readme...
MAL-2026-6849 Malicious code in log-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f55c4d43e953e16c7d0325948c789e0fdf1acefaca4b47ceabf199a5288e6f82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @contentprod-authoring/block-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa028931eef026447363bc2ef44ace207f4f3226de4289e354d26d730fa28186 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bundrix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f853223051c1cb68bc005b827209cb844bcde568473a9ff819fb34fccb042d74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/agent-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ba6a41e7e43733a8334968ce740af8771208c66c7529d9f4319bd62e39601d @mastra/[email protected] declares a dependency on 'easy-day-js@^1.11.21' in package.json, but the package's own compiled code in dist/index.js nev...
Malicious code in @mastra/cursor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a20d5cfabc08a156c36f4febc9204bc1303600106f54ae320b9bfcac7967ca7f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f30e29c157bf23964dd09537f5c99aeb494c21ebce16d6a33b746a576a02566b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5952 Malicious code in @mastra/langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f30e29c157bf23964dd09537f5c99aeb494c21ebce16d6a33b746a576a02566b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5689 Malicious code in ecto-rust-read-f3a9c1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e73d10b993d9601d0dfe78d143a550ed008b8233beb8b88b7443208e4d0fa89d On install, postinstall.js evaluates a targeting heuristic isRealTarget that fires only when the build environment looks like a real corporate...
Malicious code in mm-ts-utils-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f5526f66eb7799c34080dc4e5f938decfa90924772556b159a26eaa3b1c4eb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sass-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb75afd7831272c042cd125165c2af78dff7be9be44f5a9df12382dda56934a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in tailwind-dark-mode-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c8c711242c04547353cacb4860ee757d595ac459a6f8d7311d2c0827a6bc92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5516 Malicious code in tailwind-animator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9a1b7c3c3877a14abbea0abc4ee53a2d5d7207f7932141f428235c069285c0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5049 Malicious code in @lir-portal/web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cc9f2fe6ad0219df5db208b736cb45305b7e7062ec9d66a3316427e050989f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @limebike/supreme-date-pickers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...
MAL-2026-3585 Malicious code in @uipath/vertical-solutions-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76957e857334423d0c1f4100218bb5856183968cc9475481adecdf97eac57796 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/resources-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 740339e7d1f42f7f163cbe965322c0e9438ae7efd05a29fbd4cc161e6fe5a5f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3441 Malicious code in @squawk/fix-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 624b956af551986dc49e0004c6e0c804f3b48f57216b63bb5784c9c236e866da The package @squawk/fix-data was found to contain malicious code. Source: ghsa-malware b47010b41e9098203e9d382c36292a5bfa3c32741fbc916a9a9935f9975fc8...