MAL-2026-4246 Malicious code in python-env-auditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...

MAL-2026-2631 Malicious code in babel-plugin-blocks (npm)

Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...

Malicious code in ftm-noderpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48bffc97a9e30f15aaeea633df39ff0ab500a8f4aeee9757390e0d0e2393e9d9 The package ftm-noderpc was found to contain malicious code. Source: ghsa-malware b2c3dc311c3d101881ee473edd9232f94c95686770a45f681038070507407fc2 An...

Malicious code in alifx-media-downloader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8716d89d3543726f75604dccfd9a5ab777f48047bb3aa028cdc047c77d1b9dc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @zitterorg/ipsam-officia (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6490841eb885d4711d6a5e5a41e93e85704f8da80f267e9a5cf4fb7de5684653 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @juiggitea/dolorem-eius-fuga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d11af956dfecb2b78e35fcb03a281d3d3d323efff92d5822681014b5ae3377c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in the-universe-has-your-back-transform-fear-to-faith-by-gabrielle-bernstein-on-iphone-full-pages- (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd2dda2348af7d4384cb9a35d0387e5b87503b49779170d897bca656ab712b0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in matic-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f86c86d3e42f1a874421dd446c136e620e387b8672356395e507a8517fd2b1e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...