Malicious code in dynamic-import-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

MAL-2025-49028 Malicious code in only-warn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf31c0df9e000c5a762fa04ecbaf0f9dd09103bcf544ca0aaebd43193b096a5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @js-to-lua/lua-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ddfe717b22bb57e4e1887887c45646abfa625e1d566049a635b86193170cdf9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-19031 Malicious code in dynamic-import-webpack (npm)

The package dynamic-import-webpack was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6f9cf66ec7ebae846d89e7ce18fbdb1318e4cd99bf61c0e719bd78ce8c6aabe1 This package installs a dependency hosted on a custom domain that...