4 matches found
MAL-2026-4728 Malicious code in web-dotenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd19476eeb1c31707abe6fac6f52dbd1950a0dc25f4854ea5269d6400f8ea37 web-dotenv impersonates the widely-used dotenv package: its package.json copies dotenv's repository git://github.com/motdotla/dotenv.git and homepage...
Malicious code in security-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...
MAL-2026-3759 Malicious code in env-threads (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb511e0bf06367ec0341939aa68ee55859344c6ca6cb8d9f55f7e62cdcc8656 Package env-threads impersonates the legitimate dotenv package: its README, repository URL git://github.com/motdotla/dotenv.git, homepage, descriptio...
MAL-2026-3758 Malicious code in dotenvv-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...