2656 matches found
Malicious code in polygon-gama-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0e5efa9d57dae04a6082dfa776d2c2664f3ce5a838ed9cf56f40656937b7e92 polygon-gama-apis exports getPlugin, which fetches JSON from https://bet.slotgambit.com/icons/111 and passes the response field data.credits directly...
Malicious code in qlkube (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51bbdab9d33c291290e2f871acd2ebf7bf64c2c66c5124592055669771b6301e The package's package.json declares a preinstall lifecycle script that runs curl https://cwcie03pzedo62twgbs3x6e9l0rsfk39.oastify.com on npm install...
Malicious code in evm-typechain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a78b4d04410e295cbe340c95e6800a0777717d46ce136f0c30b5593d1bd9738 On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK, passes the returned JSON cookie field to new Function'require',..., a...
Malicious code in chai-chain-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1964693dd7c2bdd9ca7ae20eb441597571b1b78a689bd97648998c6442bda99 Package impersonates the pino logger exports module.exports.pino, README uses pino badge, keywords mimic pino but its actual behavior is a remote cod...
Malicious code in solana-address-codec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...
Malicious code in windrule-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...
Malicious code in cookie-ease (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e657448e95c84051d3c103da0e4bd744f5bc6cbbeedad66099d1ecf4681a65d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in setup-cicd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9d7d7f16320d5296fb3acf5cc61ae1cf55125c89fde6b702acd406e1516f92 Package [email protected] contains no observed behaviors matching supply-chain attack patterns. No lifecycle scripts, install-time network fetches,...
Malicious code in @meego-progressive/cdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a7205f38cfc6908e42b221ffcaf5118f3ef9891d4b1cc7c0798411cc7b0b349 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in clx-cookieparser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29b7ab13cd76393ea58b540ccf13b4ab4660edb4fac210d86a67e51b45fa1d0c Package ships a verbatim copy of the Express 'cookie-parser' middleware under a different name 'clx-cookieparser' and declares a repository field...
Malicious code in parket-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9b185a1b54e41a8fb900a67aab43dbb78abc4fea96e9ca05d356f6864e3bdd index.js imports childprocess and invokes execSync with bash and zsh shells index.js line 1, 301, 317. Without traced execution context it is not...
Malicious code in @mastra/voice-deepgram (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c6269a96366ca5cb804b7078f3eb2d0306ac86335922e3b00a17db6426024c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/couchbase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 693f6ba494800c38ce77ad49fa5d74745125fc4d3bb68c047ea96032580b7a93 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in ioredis-os (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 387bee0d123eeed248b8be6281784b88d2a3385943a3f696541c1ce48b1c817a ioredis-os appends -os to the widely-used ioredis package name and ships what appears to be a verbatim fork of ioredis same author, same upstream...
Malicious code in fabric-graphics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a0e1c67eb156113685783efe75a2bd26718f6dcb5b63ece1f47ec01098f71fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5853 Malicious code in sp-api-dev-assistant-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5650 Malicious code in ozone-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a208d054d164fa8fb82cafe470c99be244c6a911aed15ecf2f1546bc10cbbc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in typeorm-encrypt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...
Malicious code in @solana-launchpad/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f311ca65e1dd4812e0b9812be713108a676a6f25c8d48443ab93a97133447b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5379 Malicious code in @doaction/storage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2555ac1fb49d2dac0108e398a6acffa2bffa1a86326db5fa384ed1232fdab89 Package @doaction/[email protected] is shaped as a dependency-confusion attack against the private-looking @doaction scope. The 99.99.99 sentinel...