Malicious code in eslint-plugin-executable-stories-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in eslint-plugin-awaitly (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

ROOT-APP-NPM-CVE-2025-50537 CVE-2025-50537 in @rootio/eslint - Patched by Root

Root has patched CVE-2025-50537 in the @rootio/eslint package for Root:npm. Multiple fixed versions available...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

@bassist/eslint-config (>=0.3.0 <=0.5.0), @bassist/oxc-integration (>=0.1.0 <=0.2.0) +7 more potentially affected by unknown CVE via @lint-md/core (>=2.0.0-beta.14 <=2.0.0)

@lint-md/core NPM version =2.0.0-beta.14, =0.3.0, =0.1.0, =2.0.0, =4.1.0, =1.1.0, =1.19.7, =1.1.0, =1.0.0, =1.3.4, =1.3.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4124...

@bassist/eslint-config (>=0.3.0 <=0.5.0), @bassist/oxc-integration (>=0.1.0 <=0.2.0) +10 more potentially affected by unknown CVE via @lint-md/parser (>=0.0.11 <=0.0.9)

@lint-md/parser NPM version =0.0.11, =0.3.0, =0.1.0, =2.0.0, =2.0.0, =2.1.4, =2.1.4, =4.1.0, =1.1.0, =1.19.7, =1.1.0, =1.0.0, =1.3.4, =1.3.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4125...

Malicious code in @tanstack/eslint-plugin-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b955b97c1476120c292ac6f7089a3d876161555205940838c49e6b09abe08e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/eslint-plugin-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff80f01eaa71625ecdc195880a0c0f1ef71da7fa81d01422abf9634f74b5d6be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3461 Malicious code in @tanstack/eslint-plugin-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff80f01eaa71625ecdc195880a0c0f1ef71da7fa81d01422abf9634f74b5d6be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@2digits/eslint-config (>=4.10.0 <=5.1.10), @yunarch/config-web (>=0.1.0 <=0.7.6) potentially affected by CVE-2026-45321 via @tanstack/eslint-plugin-router (>=1.115.0 <=1.155.0)

@tanstack/eslint-plugin-router NPM version =1.115.0, =4.10.0, =0.1.0, =0.7.6 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKESLINTPLUGINROUTER-16640202...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23870 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

Malicious Package

Overview eslint-plugin-skyscanner-dates is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

MAL-2026-3202 Malicious code in eslint-plugin-skyscanner-dates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...

Malicious code in eslint-plugin-skyscanner-dates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...

Malicious code in eslint-plugin-totara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd The package eslint-plugin-totara was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2846 Malicious code in eslint-plugin-totara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd The package eslint-plugin-totara was found to contain malicious code. Source: ossf-package-analysis...

Malicious Package

Overview eslint-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2300 Malicious code in eslint-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bd32859b79bc7696823cfd3fb1a51a5036a19dd9e92b88f4c3cbc2d06fca8a9 The package eslint-validator was found to contain malicious code. Source: ghsa-malware b74db6c61aeb8e5a3729f1f8e311559e5203aab14dd2c8ec8c87ccb868a1ff...

Malicious code in eslint-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bd32859b79bc7696823cfd3fb1a51a5036a19dd9e92b88f4c3cbc2d06fca8a9 The package eslint-validator was found to contain malicious code. Source: ghsa-malware b74db6c61aeb8e5a3729f1f8e311559e5203aab14dd2c8ec8c87ccb868a1ff...