MAL-2026-3466 Malicious code in @tanstack/react-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2583e447a99e68ab9e3a7562a7a9693e1c09de387a824f47a07f325e3b5b4d39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@nocobase/devtools (>=2.0.0-alpha.2 <=2.0.0-alpha.51), @nocobase/server (>=2.0.0-alpha.2 <=2.0.0-alpha.51) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=2.0.0-alpha.2 <=2.0.0-alpha.51)

@nocobase/auth NPM version =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.51 Source cves: CVE-2025-13877 Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...

Malicious code in @actbase/react-native-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6903aaa72b2c62de00654968d7729b4fd07bfa78bf68f14c1ee924f6c5dde9c2 The package @actbase/react-native-devtools was found to contain malicious code. Source: ghsa-malware...