Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:55 p.m.5 views

Malicious code in npm-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc5c1992c3d9f33bca28c1ce098d769809e44a12a671972925815e9890e5e9f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/01 8:28 p.m.6 views

MAL-2026-6721 Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 2:24 p.m.8 views

Malicious code in new-eslint-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/06/19 2:24 p.m.8 views

MAL-2026-6225 Malicious code in new-eslint-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:59 a.m.15 views

Malicious code in eslint-helper-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfadd6e70cf70ee03d7aae8bfcaa916d29073c5e09ca614bfcb4538c3efc1832 Package masquerades as an ESLint helper but contains code in index.js that decodes base64 blobs through Buffer.from..., 'base64'.toString and pipes t...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/19 3:59 a.m.8 views

MAL-2026-6190 Malicious code in mjs-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28 The package decodes base64 string literals via Buffer.from..., 'base64'.toString and pipes the resulting content into execSync'bash...' and...

6.4AI score
Exploits0References2
Rows per page
Query Builder