516 matches found
MAL-2026-10558 Malicious code in akshajrawat.utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...
Malicious code in @gleamkit/engine.io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 008464ca4d7ba15b4b8c6d3a979586c61bd527aef3a209571d28c0ba912403ae The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in testdonotredeemit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in ishowfeet20 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57470f610cd7e988daef50a3a2587778f3dce2cb1584572d4a1795876f9cf6fe The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in changiairportpromax (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ab194f6c4e1d4197856c229f74ebf46e7eb90ff703ff4dc3172379aea96923 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10296 Malicious code in bomboclatwallahi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55a7d4f08c0c79c42f9938a1c11d3d6828907fb309e582faf38065bbd04f5149 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in txs-builder-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55bb13d76ebc74c36f68dd219079500d0bdb60e4bc07f8089eefbcde91bbdeac The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in na-rony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...
MAL-2026-6902 Malicious code in wime-zle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3e5a49f13ac5ae3e92267b63357dc81d37b138ed5981949b12e51a09095e2b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in metrica-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a0ee3435b3bf0949e63f6770b91c6bb1e2d7912054dc1cb9382e3eae20c84ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eth-tick (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6822 Malicious code in fastnodemailer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767201ea4bfd4f0c6950f9d6fadf4f9e38c9e72e56abd975ac1b49864ffc04a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6739 Malicious code in @lodash-en/lodash-en (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in confluent-kafka-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...
MAL-2026-6614 Malicious code in @deel-ui/animation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40504b8c9169f5f475a82e0a1e5177c78446954bd6730123eedfcdc5c502ff71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pvd3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c992d4bd87c36aa389d168c263ca0b89c04b425b0483217ae1098a0c2f3ee10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6334 Malicious code in parket-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9b185a1b54e41a8fb900a67aab43dbb78abc4fea96e9ca05d356f6864e3bdd index.js imports childprocess and invokes execSync with bash and zsh shells index.js line 1, 301, 317. Without traced execution context it is not...
MAL-2026-6019 Malicious code in @mastra/docker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a207ac447f34657bb3cf28f05850031dc57ccb5a9b1082e792a7e420ef0fbc0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/s3vectors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a80c7f7a2326cd8139c9d2f5441370092e3816b3f81fda0edbeaa15902ab816a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/auth-better-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3f3ba577912ece34e70e0f5d94ee38bf681dc3f0d2a2125d0bbe95c98dbbe3a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...