MAL-2026-5172 Malicious code in fundraiserserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c27dec042a9f69f24c1a2c860af27a2625740dbd7b7fc3d059659fae6f628c25 The OpenSSF Package Analysis project identified 'fundraiserserv' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in fundraiserserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c27dec042a9f69f24c1a2c860af27a2625740dbd7b7fc3d059659fae6f628c25 The OpenSSF Package Analysis project identified 'fundraiserserv' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in page-info-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4a2106922e9e3851658667cacaa2c2818cdb56cd0c4df6778c0cb7fbed2338e The OpenSSF Package Analysis project identified 'page-info-service' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

MAL-2026-5158 Malicious code in page-info-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4a2106922e9e3851658667cacaa2c2818cdb56cd0c4df6778c0cb7fbed2338e The OpenSSF Package Analysis project identified 'page-info-service' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

MAL-2026-5132 Malicious code in rookie-security-test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1af47f1485c4c5bd3c6ee3cb7330781c1892ebc8bea1c59b0a0045c49ab8c93d The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

MAL-2026-5122 Malicious code in picnic-react-mise-en-place (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d57f4579f4e0842567d9e59bfa74af355f457cbfdfeabe0f65a9e6952f79aa34 The OpenSSF Package Analysis project identified 'picnic-react-mise-en-place' @ 9999.0.0 npm as malicious. It is considered malicious because: -...

Malicious code in js-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis adff3edac3c3ba1c04ba273f77d51c95d153b4e027ec4809b3d2f3c74a712a92 The OpenSSF Package Analysis project identified 'js-shared-modules' @ 1.11.7 npm as malicious. It is considered malicious because: - The package...

MAL-2026-5098 Malicious code in js-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis adff3edac3c3ba1c04ba273f77d51c95d153b4e027ec4809b3d2f3c74a712a92 The OpenSSF Package Analysis project identified 'js-shared-modules' @ 1.11.7 npm as malicious. It is considered malicious because: - The package...

MAL-2026-4839 Malicious code in hellowornd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e9b9637d126bc60120f015b0af88898fae5cf613a015fd572ab74d2554e6d7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4836 Malicious code in nemo-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a43ec0a345170ad191fa1c25bdd4000595aa8ce733c6b9c69de6b65a1defb2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4353 Malicious code in mistral-workflows (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 845e7d9c00baa23350d566fee80621733db4faa141eea3f1f983d86b15fb020a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4263 Malicious code in secdriven (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e64bd0b65a5cddc6e2032cfdd0a23f06c980a25066490b223d07e1b2e4efe3d8 On npm install, postinstall.js executes whoami via childprocess and reads os.hostname, os.platform, the working directory, and CI / GITHUBREPOSITORY...

Malicious code in @citi-icg-171632/citicms-repo-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 88e5400167d9962139f78098013ac4e5eadeeaa76b8916ba246c5f6b2093f508 The OpenSSF Package Analysis project identified '@citi-icg-171632/citicms-repo-component' @ 99.9.1 npm as malicious. It is considered malicious...

MAL-2026-4256 Malicious code in @citi-icg-171632/citicms-repo-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 88e5400167d9962139f78098013ac4e5eadeeaa76b8916ba246c5f6b2093f508 The OpenSSF Package Analysis project identified '@citi-icg-171632/citicms-repo-component' @ 99.9.1 npm as malicious. It is considered malicious...

Malicious code in reactive-cdk-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...

MAL-2026-4252 Malicious code in @43uh3ig43/telemetry-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37d4a096b834c0d9acdddefee09b0c6cb4d8c6f68513b2ebb4ec88424f491e89 On npm install, the package's preinstall, install, and postinstall lifecycle hooks all invoke telemetry.js, which collects host metadata OS,...

Malicious code in private-next-pages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00c6505c70734328f859fa758ad45ba680403a4cfeedd60d2f9e035b026bd45c package.json declares a postinstall script that uses Node's childprocess to execute reconnaissance commands including whoami and beacon results out v...

Malicious code in stripe-internal-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...

MAL-2026-4184 Malicious code in stripe-internal-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...

Malicious code in did-0091 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a50f30be232b343bc9dff677d6c208f16fff861009dccc9f76409d37264205b On npm install, the package's postinstall script runs node -e to fetch the installer's public IP from api.ipify.org, execute id || ver && whoami &&...