1667 matches found
Malicious code in @across-toolkit/eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c7f4d3a8ae39148bf9964aef6bfe64bc57393c27a28d8e953b30c92442c4b33 @across-toolkit/[email protected] runs a postinstall.js script on npm install that harvests installer-side secrets and posts them to a hardcoded...
MAL-2026-10514 Malicious code in nodemon-eslint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c506d75221403cde50b724defdd5c71441614ab87b54ff1ffa2a24af89678e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in nodemon-eslint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c506d75221403cde50b724defdd5c71441614ab87b54ff1ffa2a24af89678e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in eslint-jest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8908ac72050dded53e2e163c528a446b7a4fd7a37a4874e14f95b08265f043c4 The package presents itself as an ESLint-inside-Jest runner but the documented linkProject/lintFiles/createJestRunner API is not implemented. The...
Malicious code in ts-eslint-jest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1ffed26d2d64bf9076210504de22b87e27a065821dedbc708fb05f7c47db74 The package [email protected] presents as a TypeScript/ESLint/Jest helper but ships lib/collect.js, which imports childprocess and invokes...
Malicious code in babel-eslint-parser-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85a6f04cbf0697b6ae409fb9e5ad0e25812dac6a2f43bd95722f1903ee2f71f7 Package name babel-eslint-parser-legacy is a one-suffix confusion against the legitimate babel-eslint-parser. The package's own main is an empty stub...
Malicious code in npm-eslint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc5c1992c3d9f33bca28c1ce098d769809e44a12a671972925815e9890e5e9f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6721 Malicious code in ts-eslint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...
Malicious code in eslint-commit-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fc51e200a141d1dbbb4f7eb9e5e3dec18507572e5dc9562278713c554fad195 The package is published under the name eslint-commit-parser but its contents are a verbatim copy of the supertest HTTP-testing library — package.jso...
MAL-2026-6333 Malicious code in mjs-eslint-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e95cb81c6a1238d751c013def46001948b388083e0d91f7baa5077091ae006 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in mjs-eslint-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e95cb81c6a1238d751c013def46001948b388083e0d91f7baa5077091ae006 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in new-mjs-eslint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4ae24b182a00059424b8ea4800927bbbf662f0e6bf20264af611d37203a3f2e Package is published under the unrelated name 'new-mjs-eslint' but ships a verbatim copy of the big.js decimal-arithmetic library original...
MAL-2026-6226 Malicious code in new-mjs-eslint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4ae24b182a00059424b8ea4800927bbbf662f0e6bf20264af611d37203a3f2e Package is published under the unrelated name 'new-mjs-eslint' but ships a verbatim copy of the big.js decimal-arithmetic library original...
Malicious code in new-eslint-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...
MAL-2026-6225 Malicious code in new-eslint-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...
Malicious code in eslint-helper-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfadd6e70cf70ee03d7aae8bfcaa916d29073c5e09ca614bfcb4538c3efc1832 Package masquerades as an ESLint helper but contains code in index.js that decodes base64 blobs through Buffer.from..., 'base64'.toString and pipes t...
Malicious code in mjs-eslint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28 The package decodes base64 string literals via Buffer.from..., 'base64'.toString and pipes the resulting content into execSync'bash...' and...
MAL-2026-6190 Malicious code in mjs-eslint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28 The package decodes base64 string literals via Buffer.from..., 'base64'.toString and pipes the resulting content into execSync'bash...' and...
Malicious code in eslint-plugin-mistica-local-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123 package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity os.hostname, os.platform,...
MAL-2026-5703 Malicious code in eslint-plugin-mistica-local-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123 package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity os.hostname, os.platform,...