Malicious code in @tanstack/eslint-plugin-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b955b97c1476120c292ac6f7089a3d876161555205940838c49e6b09abe08e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@2digits/eslint-config (>=4.10.0 <=5.1.10), @yunarch/config-web (>=0.1.0 <=0.7.6) potentially affected by CVE-2026-45321 via @tanstack/eslint-plugin-router (>=1.115.0 <=1.155.0)

@tanstack/eslint-plugin-router NPM version =1.115.0, =4.10.0, =0.1.0, =0.7.6 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKESLINTPLUGINROUTER-16640202...

Malicious Package

Overview eslint-plugin-skyscanner-dates is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

MAL-2026-3202 Malicious code in eslint-plugin-skyscanner-dates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...

Malicious code in eslint-plugin-skyscanner-dates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...

Malicious code in eslint-plugin-totara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd The package eslint-plugin-totara was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2846 Malicious code in eslint-plugin-totara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd The package eslint-plugin-totara was found to contain malicious code. Source: ossf-package-analysis...

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +1151 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =8.3.0, =1.0.25, =0.0.17, =0.0.47, =0.0.1, =1.0.0, =1.0.0, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =14.0.0-next.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...

MAL-2026-1729 Malicious code in eslint-plugin-superhuman-custom-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e50258e14acd3712854f3059d043b8c4982563ab8d401555b253702a3212279 The package eslint-plugin-superhuman-custom-rules was found to contain malicious code...

MAL-2026-522 Malicious code in magento-coding-standard-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 181566f148b6cac8ad613b2942849254b7a6968bbe5e16a9d009aaa8e4184b25 The package magento-coding-standard-eslint-plugin was found to contain malicious code. Source: ghsa-malware...

Malicious code in eslint-plugin-fuel-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99675eb06a245907c7a2133cf7d75af3037229a059d0a135bf8c3d518432a6a4 The package eslint-plugin-fuel-react was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-323 Malicious code in eslint-plugin-fuel-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99675eb06a245907c7a2133cf7d75af3037229a059d0a135bf8c3d518432a6a4 The package eslint-plugin-fuel-react was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2026-1380

Malicious code in eslint-plugin-supertest npm...

Malicious Package

Overview eslint-plugin-supertest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious code in eslint-plugin-supertest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e51e22e6032e74b136ec2615b38bd5801cca8f5a4ef8a09747a442b656ec17 The package eslint-plugin-supertest was found to contain malicious code. Source: ghsa-malware...

MAL-2026-100 Malicious code in eslint-plugin-supertest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e51e22e6032e74b136ec2615b38bd5801cca8f5a4ef8a09747a442b656ec17 The package eslint-plugin-supertest was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199913

Malicious code in eslint-plugin-react-hooks-published npm...

eslint-plugin-ceviz (=0.0.4) potentially affected by unknown CVE via ceviz (=0.0.4)

ceviz NPM version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on ceviz and may be impacted: - eslint-plugin-ceviz =0.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191390...

MAL-2025-191346 Malicious code in @voiceflow/eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67cd8ae1f7314aac775c05ede8c705af3cba9d1a6513674495b86e0fa1f822b4 The package @voiceflow/eslint-plugin was found to contain malicious code. Source: ghsa-malware...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...