Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

MAL-2026-5523 Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

MAL-2026-5522 Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

Malicious code in morningstar-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18591ac1a5cb5ca3d11e07bde38f230dccc530bb4614d45f9be1f547677a2c9e On npm install, the package's preinstall lifecycle script runs wget against a hardcoded bare-IP HTTP endpoint, passing the output of id, pwd, hostnam...

@agent-native/core (>=0.26.5 <=0.28.5), @intlayer/backend (=8.7.0-canary.0) +6 more potentially affected by CVE-2026-45337 via better-auth (>=1.6.0 <=1.6.10)

better-auth NPM version =1.6.0, =0.26.5, =0.0.33, =0.2.0, =1.6.0, =0.1.2, =0.2.0 Source cves: CVE-2026-45337 Source advisory: SNYK:JS-BETTERAUTH-17173857...

Malicious code in @cloudways-lab/unified-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d7eef784b4e8296e2533e27c1afb116c4c519ac9adda0fbb53661ce6d01e060 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@baloise/design-system-components (>=0.0.0 <=15.2.4), @baloise/design-system-components-angular (>=0.0.0 <=15.2.4) +33 more potentially affected by unknown CVE via filesize.js (=2.0.0)

filesize.js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on filesize.js and may be impacted: - @baloise/design-system-components =0.0.0, =0.0.0, =0.0.0, =0.0.0-nightly-20230817143308, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0,...

@baloise/design-system-components (>=0.0.0 <=15.2.4), @baloise/design-system-components-angular (>=0.0.0 <=15.2.4) +33 more potentially affected by unknown CVE via filesize.js (=2.0.0)

filesize.js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on filesize.js and may be impacted: - @baloise/design-system-components =0.0.0, =0.0.0, =0.0.0, =0.0.0-nightly-20230817143308, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0,...

Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

MAL-2026-3653 Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3421 Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

Malicious code in experian-design-system-themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e90ccd6c3568a7aef645cab8ed450ccd3a6161c82b6e9ba03eab795510e35847 The package experian-design-system-themes was found to contain malicious code. Source: ghsa-malware...

Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

MAL-2026-1696 Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-1494 Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...