487 matches found
Malicious code in @zimmo/last_search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbddb0ebcd12d13ef5eb1f2cb4e0e41f49b00808e4d23a15b5c22b7ecb23da4d The package's preinstall hook runs index.js on every npm install. The script collects host identity data — os.hostname, os.userInfo.username, dirname...
MAL-2026-5286 Malicious code in encrypted-archive (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c60d89261c09dc6eaea0a3af26af55519421cb927a1b8183009d09b2d4e99b94 On npm install, the package executes a preinstall hook package.json "preinstall": "node index.js || true" that runs index.js, which performs a DNS...
Malicious code in cms-store-ren (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...
Malicious code in unleash-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3315b3ff9fe481a7a008cff1227c2449dd8762bdf0abbe1a6194954306c745d [email protected] is an empty stub package index.js exports , 35 bytes; no author, no description whose sole effect is to pull a chained dependency...
MAL-2026-4169 Malicious code in paysafe-gbp-virtual-assistant-lib-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 940faf3ecfa6ee3c09c995a5f124d4a3b53bf2e2e5eaccea8156ce7bd25494eb The package paysafe-gbp-virtual-assistant-lib-fe was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in citrea-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd20c7509b081678aafda4ba6ba713f0604260082e2a52d79f0fb94a49a2ba52 The package citrea-sdk was found to contain malicious code. Source: ghsa-malware da76b8e09db42c5bea1b9b971c8ea392e906f297b2931f289c3960ffc04a6e3f Any...
Malicious code in deepl-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f09b2cb596d2186d9533b703e85192087a2722c8307c51428330658f1972c3a The package deepl-sync was found to contain malicious code. Source: ghsa-malware 901de6816216276cc07830e358c2cae608d89087dba87b4acf0562604011e504 Any...
Malicious code in cplace-bmw-emt-mvp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b6d2d57176a41f11e925988396ad8549efc86508c1cc13a7130871f48c15b33 The package cplace-bmw-emt-mvp was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @matjp/dvi-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 285904d13f5d698c3c33461fe969265ca73c3041db80eabe5637c1ebd3f3ca9b The package @matjp/dvi-decode was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3373 Malicious code in owa-analytics-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a42250298e29b58f2cfe75c1d362637e2c31f1a1ef9b9cfbe5d9ff0475fb8 The package owa-analytics-utils was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in mrdaa-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...
Malicious code in 24712-pl5006 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2546cdc76edb1f8a93dcf66c855ca6246bb0d4ed76c72a7fd3c1aec44f34761 The package 24712-pl5006 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in money-badger-open-rpc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3334 Malicious code in fanduel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2d9b4e8ab1ef054d5774929963bc61b004f7914e48179850c51f77e67410a41 The package fanduel was found to contain malicious code. Source: ossf-package-analysis 49d980743cd761f6fb629d32e14864e720d1269e4208ec9e0f075c5e9f6eb4...
Malicious code in supertag (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8af13a06fb931a42d83e13b19fd998ff62e59ef3d56302bfe9d257e07e2bad46 The OpenSSF Package Analysis project identified 'supertag' @ 99.1.1 crates.io as malicious. It is considered malicious because: - The package...
Malicious code in wm-plugin-teach-me-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8892d058e7f10e304a86eea230ef7fa8fbf9a76da1d09b60f5498305690d4bc The package wm-plugin-teach-me-widget was found to contain malicious code. Source: ghsa-malware...
Malicious code in model-poc-suhail (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0077cfbeca02c255952633606e9fc0c50ef11fe0e50a083f9ab632b6ee01569 The package model-poc-suhail was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @bmg-web/bmg-external-link (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6373b00808251dd64521cfb1864a0bf382c5df23e976984dea8dbebf925bbb63 The package @bmg-web/bmg-external-link was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2927 Malicious code in pa-marked (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e01d64e50dea2a8be10707dbd49869a6bcea570bf26829a1738ca2237882249 The package pa-marked was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2861 Malicious code in vinext-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5c7279d5c84c989a0deef7944c5d1d22b89651bdc01da8fc5144622a8fc74cb The package vinext-monorepo was found to contain malicious code. Source: ossf-package-analysis...