30 matches found
Malicious code in rio-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...
MAL-2026-6956 Malicious code in rio-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...
Malicious code in @openwebconcept/design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e6761494cb35b1f5bc9024f23f67a6e896a857233d68bb56e75c683a1893391 The package @openwebconcept/design-tokens was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2993 Malicious code in @openwebconcept/design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e6761494cb35b1f5bc9024f23f67a6e896a857233d68bb56e75c683a1893391 The package @openwebconcept/design-tokens was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview @openwebconcept/design-tokens is a Shared design tokens for NL Design System Affected versions of this package are vulnerable to Embedded Malicious Code that injects a credential-harvesting script that runs via postinstall on every npm install. It demonstrates TeamPCP-style CanisterWorm...
Malicious code in @nxt-costco-com/forge-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86e4556dfaa2a30079bf31edd7c9a378deacc22b763f547a4b825d57945debef The package @nxt-costco-com/forge-design-tokens was found to contain malicious code...
MAL-2026-1632 Malicious code in @nxt-costco-com/forge-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86e4556dfaa2a30079bf31edd7c9a378deacc22b763f547a4b825d57945debef The package @nxt-costco-com/forge-design-tokens was found to contain malicious code...
Malicious Package
Overview @alaska-its/design-tokens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2025-198331
Malicious code in @ra-ftds/ra-flourish-design-tokens npm...
MAL-2025-190588 Malicious code in @ra-ftds/ra-flourish-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72b65d4ce1abb0b35aca62b21968c19b6e8e99ec60962be31a4179ba5f22bec The package @ra-ftds/ra-flourish-design-tokens was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @healthbyro/design-tokens (npm)
The package @healthbyro/design-tokens was found to contain malicious code...
Malicious code in @sellerly-kit/design-tokens (npm)
The package @sellerly-kit/design-tokens was found to contain malicious code...
MAL-2025-9299 Malicious code in @sellerly-kit/design-tokens (npm)
The package @sellerly-kit/design-tokens was found to contain malicious code...
MAL-2025-7987 Malicious code in @healthbyro/design-tokens (npm)
The package @healthbyro/design-tokens was found to contain malicious code...
Malicious code in @laredoute/design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e56fdae15fb0b525a4212e71ff9dd4ec7cd0e3f4076552ec379c49c8f4a4e899 The OpenSSF Package Analysis project identified '@laredoute/design-tokens' @ 0.1.55 npm as malicious. It is considered malicious because: - The...
Malicious code in compound-design-tokens (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e796e34437556a1ebb4437a1047206b9f42ef8ee3426f6aacad4ac14b318c41c Any computer that has this package installed or running should be considered...
MAL-2025-5224 Malicious code in compound-design-tokens (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e796e34437556a1ebb4437a1047206b9f42ef8ee3426f6aacad4ac14b318c41c Any computer that has this package installed or running should be considered...
MAL-2025-3322 Malicious code in @sporta-technology/d11-web-components.design-tokens (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @hyattcorp/design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58f37a41edefebdd744efb01380e035aad567082e7fa96361effc44e4e9f1b49 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3169 Malicious code in @hyattcorp/design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58f37a41edefebdd744efb01380e035aad567082e7fa96361effc44e4e9f1b49 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...