2 matches found
Malicious code in ts-webplug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a205cee3f545c9dd5083055f8dad50c5e131603bf50d37bbb3f7ef5a744d88f [email protected] impersonates the pino logger exports named pino, lib/ tree mirroring pino's file layout, keywords fast/logger/stream/json but its ma...
MAL-2026-5605 Malicious code in chai-as-victimed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b60cf728d4e2f5932f37d3e420649f6facc08959a8380a4724ec9e885b88754 Package name impersonates chai-as-promised but ships a remote-code dropper. lib/caller.js base64-decodes a hardcoded URL pointing to...