3524 matches found
Malicious code in tipsen-last (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8dda277dd82e1c50906cff18341bb76485eed33ba42d39b228c447514e4081f package.json declares its only runtime dependency "safe-chain-test" as a direct tarball URL on hoped-twice-evaluation-site.trycloudflare.com — an...
Malicious code in abuden229 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 348ad89821b1ea36a325bc8f2e570b3a74e3a6238381106746bc31146c743fec The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden228 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b15ded0c14059932e82f8e56f2b6d6fb13ebe2da3b51d3e17e048044e9266716 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-10282 Malicious code in acidic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in acidic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in abuden23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a3dd35665bdd420f175b6b522ef75b800e178d26b62971b55b20891e5663c0c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b37399115949eb936a5e60cb1e4bc150431211adb4c62ea0bb2ad7120bf5c39 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ishowfeet11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35ad3f426377de0f1898ef51d148062669bd91d3cbae08ffe620af8514fde41e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ratelimitsucks9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c5a4a441bf00f2d9dd64e778e4c796779d0a4a216b92bcaee66d8012d4ce255 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ratelimitsucks1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2908fa35f3ab37dd9e5b137580117e8be746c328b74934d3a5f04d8ce805149b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sixseven6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fce7a5f40c9f40116627ed8a771d60c34786bc52648e39e0741fe392ed0120b The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in backupsitetuff10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8062677ad6aa536c8e4582df43db6251e78e0cd2a0e4c36348a997bc28b06d5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in backup3-ff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a32646e3ad3e35186f8344c19ccdecfd69c26e8047fc44b77c0516b644fd094 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...
Malicious code in thebigyahu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb60a0e719514988070d96c3cedea8d918edccef68203afe3cda86635c607de The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in lowkeybored (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44a98aa46273662e37d16a9ce5fd2e003ae747c89301cbd03b1ba52bdbe81fca The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in nodemon-sudo (npm)
The npm package nodemon-sudo is a typosquat of the popular nodemon package: its package.json description "Simple monitor script for use during development of a Node.js app.", main entry ./lib/nodemon, and forged author field Remy Sharp, the real maintainer of nodemon are copied from the legitimat...
MAL-2026-6967 Malicious code in nam-os-a-man (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...
Malicious code in whs4_nmp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...
Malicious code in wsh4_npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b6c0b02642cf1c4c0fe420fd03c0c129c21a544144878df4833373da1b98aab On npm install, the package's postinstall hook scripts.postinstall: node index.js auto-executes index.js, which builds a payload containing the...
MAL-2026-6939 Malicious code in polytrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bb6b9a4e70c868e150f06160b187915bcdeb6c9c8f95095af4766dde92f96c5 [email protected] advertises itself as a Polymarket API SDK, but the exported getPlugin function in index.js issues an HTTP request to...