Malicious Package

Overview foundry-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-4466 Malicious code in @weirdorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28e2fe6ac03c8e426aeb69f62bf0b2bd4dfdb06a5acee273bb5967186c5504d @weirdorg/config impersonates the widely-used config node-config package, copying its README verbatim including the require'config' usage example. Th...

MAL-2026-2590 Malicious code in @op-microfrontends/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18abaf512437e5aec3a133779781406b8817f9085988e6179c886f014ee96ef1 The package @op-microfrontends/config was found to contain malicious code. Source: ghsa-malware...

Malicious code in eslint-config-ppf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cc85236d3cad46c2333a3252ffd8e3b96ae35f96a4ea2a4cb801d17c4e07390 The package eslint-config-ppf was found to contain malicious code. Source: ghsa-malware...

CVE-2006-1844

The Debian installer for the 1 shadow 4.0.14 and 2 base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges...

Malicious code in @lessondesk/eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef9fcb377fe99dad0e34ec63a5ac929adfc5d8be48e49d330d4785e1d2a6a7f The package @lessondesk/eslint-config was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198938

Malicious code in @posthog/nextjs-config npm...

EUVD-2025-112573

Malicious code in impulse-dotenv-parse-variables-jest-node-config npm...

EUVD-2025-115075

Malicious code in config-ophiuchus-karma-centaurus npm...

EUVD-2025-115787

Malicious code in callback-transform-zenith-node-config npm...

EUVD-2025-124405

Malicious code in node-config-non-blocking-meissa-middleware npm...

EUVD-2025-111880

Malicious code in lacerta-backend-soap-eslint-config npm...

EUVD-2025-112897

Malicious code in heka-quito-pipe-eslint-config npm...

EUVD-2025-113903

Malicious code in eslint-config-promise-jest-winston npm...

EUVD-2025-112068

Malicious code in juno-yaml-neptune-node-config npm...

EUVD-2025-120155

Malicious code in yakutsk-postgres-tool-node-config npm...

MAL-2025-140644 Malicious code in chalk-jest-nestjs-node-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab344fb3ee584eae4df856234f3fd3843fd7aa00e09dcf066ce25fce9a0fe3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-48498 Malicious code in internal-config (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in @hestjs/eslint-config (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43db3cfefa88993ac8bb063a14e25b560d13c5aa8a2af7472f72b2adb2043cd8 Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in @avoc-analytics-skeleton-monorepo/config (npm)

The package @avoc-analytics-skeleton-monorepo/config was found to contain malicious code...