MAL-2026-1711 Malicious code in dotenv-int (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ff3b8c2dda09766587481490c9be74a1af10a9660698a8f7b8f31a7df47bc96 The package dotenv-int was found to contain malicious code...

Malicious code in dotenv-int (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ff3b8c2dda09766587481490c9be74a1af10a9660698a8f7b8f31a7df47bc96 The package dotenv-int was found to contain malicious code...

MAL-2026-1710 Malicious code in dotenv-cli-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 914751db31692fb4c83c9e8e3e2fed123b349d261368499b9caf33dc411b62cd The package dotenv-cli-node was found to contain malicious code...

Malicious code in dotenv-cli-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 914751db31692fb4c83c9e8e3e2fed123b349d261368499b9caf33dc411b62cd The package dotenv-cli-node was found to contain malicious code...

`time_calibrators` was removed from crates.io due to malicious code

The timecalibrators crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-03 approximately 3 hours before removal and had no evidence of actual downloads. There were no crates...

`time_calibrators` was removed from crates.io due to malicious code

The timecalibrators crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-03 approximately 3 hours before removal and had no evidence of actual downloads. There were no crates...

Malicious Package

Overview node-dotenv-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in node-dotenv-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76b47bebee6a74c00d3be10fad072e05074a62b29205377f682463290bad39c3 The package node-dotenv-cli was found to contain malicious code. Source: ghsa-malware 5bb66069e2bde985ae448962eaaf6373cd54aa2cd51fb20a0fef26ecb5dee2d...

MAL-2026-853 Malicious code in node-dotenv-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76b47bebee6a74c00d3be10fad072e05074a62b29205377f682463290bad39c3 The package node-dotenv-cli was found to contain malicious code. Source: ghsa-malware 5bb66069e2bde985ae448962eaaf6373cd54aa2cd51fb20a0fef26ecb5dee2d...

Malicious code in @uniconvex/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9923bfe725516dd977cac2af8acddb303e705ef37278ce10e2b84027511df62 The package @uniconvex/dotenv was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @uniconvex/dotenv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-721 Malicious code in dotenv-embedded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07a4c23212d813ad58db347e1a5a152b003e1085b18036f047755d05de52fe0b The package dotenv-embedded was found to contain malicious code. Source: ghsa-malware bf0cfff747361e3a51fbd35f3018e05312b4bd030890362b89821789ab2adb5...

Malicious Package

Overview dotenv-embedded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in dotenv-embedded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07a4c23212d813ad58db347e1a5a152b003e1085b18036f047755d05de52fe0b The package dotenv-embedded was found to contain malicious code. Source: ghsa-malware bf0cfff747361e3a51fbd35f3018e05312b4bd030890362b89821789ab2adb5...

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

Malicious Package

Overview dotenv-embed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in dotenv-embed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bbecb8b9bb96fcd71af0764df5106d8163ccb94c21960bf858383ab85d10308 The package dotenv-embed was found to contain malicious code. Source: ghsa-malware eb5a7942b654b4da1fb16e67f19ca82b3b52c4fcce4db85e9d5596571651c6b7 A...

MAL-2026-589 Malicious code in dotenv-embed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bbecb8b9bb96fcd71af0764df5106d8163ccb94c21960bf858383ab85d10308 The package dotenv-embed was found to contain malicious code. Source: ghsa-malware eb5a7942b654b4da1fb16e67f19ca82b3b52c4fcce4db85e9d5596571651c6b7 A...

EUVD-2026-3715

Malicious code in dotenv-expanded npm...

Malicious Package

Overview dotenv-expanded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...