142 matches found
Malicious code in foundy-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d117fe522ec0aee9271963b02fb9a61b7e5005b5494331368b58f46c05c944cd On npm install, the package's postinstall script runs an inline node -e that shells out to curl -fsSL against an ephemeral Pinggy free-tier tunnel ho...
MAL-2026-3276 Malicious code in accesso-angular-cache-buster (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efe1cff5329801850c1249ccfee1e905acc9e221c3bd424534068908f73b5a07 The package accesso-angular-cache-buster was found to contain malicious code. Source: ghsa-malware...
Malicious code in vime-azl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
MAL-2026-2853 Malicious code in react-hook-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17ae372e5061ef357237d48a7812ca65bbc3a49b8a57153df5812d17e9d8eeaa The package react-hook-form was found to contain malicious code. Source: ghsa-malware 5aa9ba7a4ea0b89453bdd073b8ffb80b6e3baab6684d5652a1e898c2bacb5a6...
Malicious code in ahmed_salem_ph (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45bfa2da9e04507b1c6e4fbde5f9ce1d57ce0f499596b2fafc61afb4d544fc4a The package ahmedsalemph was found to contain malicious code. Source: ghsa-malware 911051e187786828f6d65957478aad7f1c354940c6ee7f425dc8a779e4c9e039 A...
Malicious code in eslint-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bd32859b79bc7696823cfd3fb1a51a5036a19dd9e92b88f4c3cbc2d06fca8a9 The package eslint-validator was found to contain malicious code. Source: ghsa-malware b74db6c61aeb8e5a3729f1f8e311559e5203aab14dd2c8ec8c87ccb868a1ff...
Malicious code in netflixid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 959c71962643ba913ba0ec6bc9e5eb59a0b0546194ef23c12bbd7ba4996c60f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-1502 Malicious code in better-styled-components (npm)
The package 'better-styled-components' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1418 Malicious code in tailwind-mainanimation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64236873269f6da90599a0e0136ce22979e4bbfd8103cf4850e42c1179ae6cb5 The package tailwind-mainanimation was found to contain malicious code. Source: ghsa-malware...
Malicious code in @yaoii-bails/yaoii-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ed396f1228bb5c4f785eb68f0563d53d27b54cffad2128d602febec05f02231 The package @yaoii-bails/yaoii-baileys was found to contain malicious code. Source: ghsa-malware...
MAL-2026-453 Malicious code in @fortinet/fortigate-autoscale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6100c8f444b32630601fbeee65c6af9df19979345ea5dc04740f40356c188e06 The package @fortinet/fortigate-autoscale was found to contain malicious code. Source: ghsa-malware...
MAL-2026-389 Malicious code in genki-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e636da349bfd5c22a704e2651968ebd55878349304e3f3d69904853a440aa407 The package genki-analytics was found to contain malicious code. Source: ghsa-malware 791197b134fc48f105a6db2a597a13ea389bd70b75daa689a891a96ba1d251e...
Malicious code in mw-proto-models (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a365899ad5e810104ab4af3dee30bf4bb6ba242dfe2bac8a8b6dce2ce4940dd8 The package mw-proto-models was found to contain malicious code. Source: ghsa-malware 1e2b22967998e78acece8a85fd589aaf543b7744c652af4973aeb8b5b67391a...
MAL-2026-176 Malicious code in mixpanel-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b11bdefc18a5b590716cefe2036f1f759ccb42fd3c22c420ac524a479ff9f01 The package mixpanel-lib was found to contain malicious code. Source: ghsa-malware 03fe07795e21df3debb6abf06b5b47f19ddd7996e5be6b06d8dd07fa37e7cd2f A...
Malicious code in spark-ar-core-libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1285c72e9b251b778e8914d717f3408a94460a9f9aca70a65945e4c510c5651f The package spark-ar-core-libs was found to contain malicious code. Source: ghsa-malware...
MAL-2026-81 Malicious code in upgrade-mobile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50fddf8ed26118557ffdca771219746de0194477c83724370ef30b18d858b1d0 The package upgrade-mobile was found to contain malicious code. Source: ghsa-malware a26e290558ffe604a105aa63eb83a2f6aae1e8656e947908c9d29c3c3b7632db...
Malicious code in smartspacestoreapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 131fda466c1132087962cfaaecf0a2f836548024dd31f9f0982764d87534c931 The package smartspacestoreapp was found to contain malicious code. Source: ghsa-malware...
Malicious code in @kong/spec-renderer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb95018d12b664fc03fb69a58512ad0f479a61403b520ae8b325153404f3e14b The package @kong/spec-renderer was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191426 Malicious code in simplejsonform (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d512e223b9a2375fd46539f1b0434e092f755c299f20b1d054c538228d266436 The package simplejsonform was found to contain malicious code. Source: ghsa-malware fd81fbb7b9cb8cfc5e4444da9cd2d18ed54ec4b7bb741f0ad95a56ce29a5edd0...
Malicious code in tenacious-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61051d9fdf4393e5d5b5336a35ce010a5bd613ab5e8c9b1f45c9c3a409f365c5 The package tenacious-fetch was found to contain malicious code. Source: ghsa-malware 0c44fc9d1c7099876e590cd69eb0d5ff3928dcc439cfe74cce255584a3455cf...