MAL-2025-41277 Malicious code in donuts.node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bd852600a317ae1df99af9e6cede53d3f54d36b9a400ca672eff6a7146818a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in donuts.node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bd852600a317ae1df99af9e6cede53d3f54d36b9a400ca672eff6a7146818a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in donuts.node-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6b8d6fee5827de9688cc9b83812dc32e54e33531a0bd2fd179dc3e2935564dc7 The OpenSSF Package Analysis project identified 'donuts.node-build' @ 99.99.104 npm as malicious. It is considered malicious because: - The...

Malicious Package

Overview donuts.node-build is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

Malicious code in donuts.node-remote (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 589d937e738773f2893caf9608e4b93c3616dad1f93e5d6dc62834864e46182e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview donuts.node-weak is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...