2459 matches found
Malicious code in @tanstack/router-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-start-rsc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3467 Malicious code in @tanstack/react-router-ssr-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c8db33bfb3bf19b736238a7e0895ecfd856e38c6e86d83f6eee8df6f5c13730 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Practical Package Security: The Unofficial Guide
Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early...
MAL-2026-3268 Malicious code in @bcs-mi/store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...
MAL-2026-3170 Malicious code in frank-newton3-db-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c57962acb9140cd99fb10338da13df89a6af2a7da30694456df2bc151acd247 The package frank-newton3-db-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in frank-newton3-user-hunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d2188a1bfb704f499669b386b4268ab26fb46de37022d5b91df575521fcf81 The package frank-newton3-user-hunt was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3173 Malicious code in gcp-internal-research-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9241eea1246719d57b428f64fd5138ae386fcf285aadd32a0a2ece3a8926b588 The package gcp-internal-research-poc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3169 Malicious code in frank-newton3-db-final (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a69c1c519dbe289ed217a75f1a31ace9b850acdb7df6cdadd95ca68f879f1d The package frank-newton3-db-final was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3014 Malicious code in vime-azl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
MAL-2026-2970 Malicious code in @usealloy/component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f32d74c27a8086c59f766c74f3fd9165eb49c0aa829661b6ff00e982c84d510 The package @usealloy/component-library was found to contain malicious code. Source: ghsa-malware...
Malicious code in apple-auth-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f287635d5bb4ba311de3a315d8b730e159dd7dee46e68896e94f07d1b4d91860 The package apple-auth-internal was found to contain malicious code. Source: ghsa-malware...
Malicious code in npm-doc-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8ae6448e13630c5243e98e1794e9b2f57b0e999d4c31687f0db0f1665496f9 The package npm-doc-deploy was found to contain malicious code. Source: ghsa-malware f7938c30cf6da645723648c4c43979c97d7c006933fb24ccab60154f1cc5d084...
Malicious code in @tushar-br/editing-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a4d5659346f95e443d4a8b6883c51f081de5eb6989f8f6731327eb34ed9c64 The package @tushar-br/editing-pack was found to contain malicious code. Source: ghsa-malware...
Malicious code in turbo-leven (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0903aeeee8de9f8d0b7bae616fb57ef1468d676ff1f319791b54a4c658211b4 The package turbo-leven was found to contain malicious code. Source: ghsa-malware 6a89f53d914eeb23f58756ee338b08701d799e346d6901d2f374bb51e736b2ef An...
Malicious code in optimized-fastest-levenshtein (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad1df5ecfcba26f63d6afe82b0b81c718ed915074e7e2a1eec30d7fd6815be5 The package optimized-fastest-levenshtein was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2849 Malicious code in @than1st/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33e5a745025283eafbcdaca42eabb928085deea39d64a048431086a73651cbb3 The package @than1st/baileys was found to contain malicious code. Source: ghsa-malware b279f3956e0591d27684f8ad6e1464cb4d3901ef0d1c977ef8ea6ec3f53a71...
Malicious code in moscova-plural-json-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a51fa685cb52dec458580533d514310ee1449c22a04bf82f6f1fc1e9e7b9db5 The package moscova-plural-json-parser was found to contain malicious code. Source: ghsa-malware...
Malicious code in chief-proxy-out (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b408fee03920bbac11e3f3e2a31fa1948a9d1b99041e54c1e10ba0f5e8cf949 The package chief-proxy-out was found to contain malicious code. Source: ghsa-malware cc92974c8b9f8dc914e29b747314307d52026764bd99c484f10fad298df29f6...
Malicious code in tailwindcss-style-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625db5a21e8ed06ca7ce3b8d75adeff20b4179dbebe797b13486039aa74d6ea The package tailwindcss-style-typography was found to contain malicious code. Source: ghsa-malware...