18 matches found
Malicious code in @43uh3ig43/telemetry-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37d4a096b834c0d9acdddefee09b0c6cb4d8c6f68513b2ebb4ec88424f491e89 On npm install, the package's preinstall, install, and postinstall lifecycle hooks all invoke telemetry.js, which collects host metadata OS,...
MAL-2026-2560 Malicious code in @b2b-portal/uch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89eb419e1f7beb102007973e2d226cb2cb5f534096cbc2be8dc538324f3f19db The package @b2b-portal/uch was found to contain malicious code. Source: ghsa-malware e559f0d2d934ad98bda8c11ca6613644ecf3f2584bee7e75c7edf59ecda35d3...
MAL-2026-39 Malicious code in spire.officejs-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d5bc6046960bccab3120bb794cc2c868fa2bb41e0d35028f39e2e9ca9033a80 The package spire.officejs-common was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ajna-rewards-snapshot (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5ea81a48c03116271d6cc0fb54220dcc73b51b0ad8f01543f45365ec51c1de3 Any computer that has this package installed or running should be considered...
MAL-2025-48693 Malicious code in internal-links-autocomplete-id (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-48395 Malicious code in solhint-plugin-namechain (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac5d2de76e0cbceedfea435f9f5d9ef240571f3e422835020e1efa99f9dba392 Any computer that has this package installed or running should be considered...
Malicious code in hoodle-plugins-manager (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in ven0m90test (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-47860 Malicious code in postscribed (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-47412 Malicious code in suchinind (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a328ee17c3878f22beddf954e26fea98cfcedc0377a9aae3f9382b01cb55acf Any computer that has this package installed or running should be considered...
Malicious code in top-crawl-agents (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9696763f6821540dd1025eb17efe91e97175725aa5add6b347bfc09db48e33cc Any computer that has this package installed or running should be considered...
Malicious code in cwl_shared (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-41357 Malicious code in @navify-platform/http (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-6969 Malicious code in vsts-powershell-task (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @toptal/picasso-accordion (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in meli-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 152f98442370419a0e0c3fb36c2e01d398741677238bd205877b136806a6922b The OpenSSF Package Analysis project identified 'meli-api-client' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in @amops/fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d9eb323a3c294832e925d2ed472560ab37507fc32711add225d99db97b08bc74 The OpenSSF Package Analysis project identified '@amops/fetch' @ 1.4.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in api-code-capture-chrome-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f1e44f89c4e3876559f46852c9a652c510df9384be3ffd0180e36f9fd64e8cfe The OpenSSF Package Analysis project identified 'api-code-capture-chrome-extension' @ 20.0.1 npm as malicious. It is considered malicious becaus...