560 matches found
Malicious code in @content-editor/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6619 Malicious code in @fed-sofia/jetify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d52f83f746279f72c9c00fb264e4187de8c611e0d0dcd3d24ac98cfed4618f5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6361 Malicious code in vscode-test-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c62d19484eeb938a92dfdcc6cbce9dba47e390676774254b0dc318702a214418 Package occupies the unscoped npm name vscode-test-web, a likely-misreference target for the legitimate @vscode/test-web scoped package. On require,...
Malicious code in @muaththir/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...
Malicious code in vite-enhancer-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f95dc5a82c03457cbfab461f0b1775f3918589db6ac513342a1ec0dc1aacc1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5380 Malicious code in @doaction/sudo-prompt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e989180180ebba42b05f086cda01159058a0a9ccca3c4beb95f3e5a31430dfe6 @doaction/sudo-prompt shares the name of the widely-used unscoped sudo-prompt package but contains none of its privilege-escalation functionality. Th...
Malicious code in token-usage-tracker (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-3519 Malicious code in @tallyui/theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34578fa5c77db2b21dd15d3357fc2b7c4d36a2ce4d1d44f86daa5c04561d662c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in in-app-marketing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d475c46e8eda7ca153485336dce8c0b7d3bf8e3ea31a871232bc815438bc140c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2061 Malicious code in @emilgroup/tenant-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d887c661a1552423bf923bf1028ef4aabb762dc2fa329db39e8b4552ce32803 The package @emilgroup/tenant-sdk-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in npm-demoo-1111 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c2199a37f518fbd8345def58b16a83c07aaf6aae9b837f6ec6d96a179f97849 The package npm-demoo-1111 was found to contain malicious code. Source: ghsa-malware 12073b21cd21241e9d8a004221c9e22d323091d95e7b5b9bdde2f1b20883aea4...
MAL-2026-1416 Malicious code in twitch-security (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f99261d9b844b178048388c92a488b23fa3bf806bbedbcc40108cb97f0b7087 The package twitch-security was found to contain malicious code. Source: ghsa-malware f46d2713d7df72180db5cb77dcd0cefbbffa8baa5a245e376ab250a84d29fc2...
MAL-2026-750 Malicious code in dspmobile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcd390d34dbfd7246c65b551f8b71dfaba4b78fa438e818cab41a0ea35716c21 The package dspmobile was found to contain malicious code. Source: ghsa-malware 73466b34e7f0da321f410baa9db15370fbf0563af429ef587315608e3507f2b6 Any...
MAL-2026-556 Malicious code in digital-music-dynmsg-ribbon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 539cc4d9f61bd9add970da883b5bd746b0b08614fbf948e143e6a35c606e593f The package digital-music-dynmsg-ribbon was found to contain malicious code. Source: ghsa-malware...
MAL-2026-424 Malicious code in plugin-react-swc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 197cedd065670a6a39b4401d52b2a636d5ff18f26c378b571770286a807ec467 The package plugin-react-swc was found to contain malicious code. Source: ghsa-malware cba9afea98505469e9b9f36095ab566e5cd857b54255290d9defa67c40c62a...
Malicious code in test-thegenetic-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a1aa78e95a98adc8d2ce9a727c53e49e1a1cd5d91a052d5aadcb2ead7afe050 The package test-thegenetic-module was found to contain malicious code. Source: ghsa-malware...
Malicious code in yellowdiscordlookup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a458f47de1b6a86fa1139c7fa7def7c0035d181b6db01d635374e0e6058893a9 The package yellowdiscordlookup was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192650 Malicious code in viktorparserctf4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00678c1855d2692f49a5643aecec33c4181e61a390c1852ee6b7200f0c2f3ca1 The package viktorparserctf4 was found to contain malicious code. Source: ghsa-malware 0961c05d572349a1c68d499506c8317678a9f123ebbeaf7540186a8cbf6f87...
Malicious code in sdbao-content-sems (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050ceeb8145a6cac66b0539a7be8d50c66979cd72b54055f3c49c0c40823fd6b The package sdbao-content-sems was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191449 Malicious code in @accordproject/markdown-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa9047c76812b92b2e951857e7b8b36154b6662c2483ca7528bfa6af593c69c7 The package @accordproject/markdown-cli was found to contain malicious code. Source: ghsa-malware...