Malicious code in veteran-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...

MAL-2026-3767 Malicious code in node-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1593e77b5e2763e7ace49c239accedfe30209faea11bc07cf3901a7253798444 On require'node-ci-utils', index.js runs a top-level init that, on Linux, creates a hidden directory /.local/share/.nodecache/, downloads an opaque...

Malicious code in typography-stylecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4eeb50f69746fd21696baaa7d3534bbd22489edb037742ca591d49ca88981f70 The package impersonates the legitimate @tailwindcss/typography plugin: README, src/index.js, src/utils.js, and src/styles.js are copied verbatim fro...

MAL-2026-37 Malicious code in aoohttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9d3438b2d065c0535b5ac80ce789201be4f8095642d0f10a20a7da13d46152f8 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

MAL-2026-36 Malicious code in aiohtto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9338a4f3f167cf0ba279696ac9ae9bae26219391e2a87a805cc8bb92b4cddd6e Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...