3 matches found
Malicious code in npm-rce-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6365312ad1339c7d5539f594b9e472ea3f10401fa356fe49766de887368e87c9 Package declares a postinstall lifecycle script that, on npm install, fetches a script over plain HTTP from a hardcoded bare IP...
MAL-2026-7019 Malicious code in npm-rce-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6365312ad1339c7d5539f594b9e472ea3f10401fa356fe49766de887368e87c9 Package declares a postinstall lifecycle script that, on npm install, fetches a script over plain HTTP from a hardcoded bare IP...
Malicious code in date-fns-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...