Lucene search
K

5 matches found

OSV
OSV
added 2 days ago3 views

MAL-2026-10507 Malicious code in nodemon-delog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea1c5b4054d6daffaf190005db661027e29255ae20de1bb410f506de1f178532 nodemon-delog is published under a name that resembles the widely-used nodemon package and ships a verbatim copy of nodemon's source tree, README,...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in nodemon-delog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea1c5b4054d6daffaf190005db661027e29255ae20de1bb410f506de1f178532 nodemon-delog is published under a name that resembles the widely-used nodemon package and ships a verbatim copy of nodemon's source tree, README,...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:11 a.m.12 views

Malicious code in @weirdorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...

6.2AI score
Exploits0References1
OSV
OSV
added 2026/05/20 7:11 a.m.9 views

MAL-2026-4467 Malicious code in @weirdorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 7:25 p.m.13 views

Malicious code in venturo-playwright-runner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...

5.8AI score
Exploits0References4
Rows per page
Query Builder