9 matches found
Malicious code in @doaction/eventemitter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 865100529f6c19b1eff05a47c96abd2d4eb5dba0d4fc0af838c307c816072a20 The package is a thin shim. package.json declares preinstall: node scripts/postinstall.js, which requires @doaction/shared/bin/preinstall.js — meanin...
Malicious Package
Overview @doaction/eventemitter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
MAL-2026-5370 Malicious code in @doaction/eventemitter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 865100529f6c19b1eff05a47c96abd2d4eb5dba0d4fc0af838c307c816072a20 The package is a thin shim. package.json declares preinstall: node scripts/postinstall.js, which requires @doaction/shared/bin/preinstall.js — meanin...
MAL-2026-4555 Malicious code in events-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...
Malicious code in events-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...
Malicious code in spotify-eventemitter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5bfefa3eeb4c0a415c385266abb7dd2719fc3af7174b26baf471debe205ba6e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6255 Malicious code in spotify-eventemitter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5bfefa3eeb4c0a415c385266abb7dd2719fc3af7174b26baf471debe205ba6e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Improper handling of multiline messages in node-irc
node-irc is a socket wrapper for the IRC protocol that extends Node.js' EventEmitter. The vulnerability allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. Incorrect handling of a CR character allowed for making part of...
GHSA-52RH-5RPJ-C3W6 Improper handling of multiline messages in node-irc
node-irc is a socket wrapper for the IRC protocol that extends Node.js' EventEmitter. The vulnerability allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. Incorrect handling of a CR character allowed for making part of...