1820 matches found
Malicious code in yelp-react-component-chaos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 888a90bd95ca140a3cc5946c0f1a7bf5b52f04ac2f7732722de7db72ec409801 The OpenSSF Package Analysis project identified 'yelp-react-component-chaos' @ 8.14.5 npm as malicious. It is considered malicious because: - Th...
Malicious code in quickwinston (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 304b4e430bff604f20121bc97398fa6ee18a25c16187d31b6553248bc54e63c7 The OpenSSF Package Analysis project identified 'quickwinston' @ 3.19.3 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5366 Malicious code in zer0one-dnslog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 61ff41f8e8f8f87ab7d1d60d8bed288957cbfa3352dfc6478b12f628c93c51c9 The OpenSSF Package Analysis project identified 'zer0one-dnslog' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in @solana-labs/web3-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 99d2ea7302fd72532bbe21dd885a0c456599e7fb1e8055977e35ae563236e530 The OpenSSF Package Analysis project identified '@solana-labs/web3-js' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
MAL-2026-5363 Malicious code in @solana-labs/web3-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 99d2ea7302fd72532bbe21dd885a0c456599e7fb1e8055977e35ae563236e530 The OpenSSF Package Analysis project identified '@solana-labs/web3-js' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
MAL-2026-5362 Malicious code in @solana-labs/etherjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3c9e260b3ed97dca42969f7b7836399ce071c4708cffd473bd6b3cf62925401 The OpenSSF Package Analysis project identified '@solana-labs/etherjs' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
MAL-2026-5188 Malicious code in hello244a (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3d7e9578338cca22e41d1ac1345136162b5441eb57090bb89fbc73bd37976c71 The OpenSSF Package Analysis project identified 'hello244a' @ 1.0.4 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5168 Malicious code in vg-interaction-model (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261 The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 npm as malicious. It is considered malicious because: - The...
Malicious code in align_rest_api (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a3b4fd5fe3e581dc76f4fbe187da4427e159ff73a717a99c2f519af87ca7b2c8 The OpenSSF Package Analysis project identified 'alignrestapi' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The packa...
Malicious code in @neon-i18n/core-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...
Malicious code in editorial-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2026-4830 Malicious code in editorial-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2026-4832 Malicious code in mse-authentication (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a953627a77037de50d82384daca1d98d101c4c09b315ab91fd597a43557fbd99 The OpenSSF Package Analysis project identified 'mse-authentication' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...
Malicious code in mse-authentication (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a953627a77037de50d82384daca1d98d101c4c09b315ab91fd597a43557fbd99 The OpenSSF Package Analysis project identified 'mse-authentication' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...
MAL-2026-4831 Malicious code in editorial-mse-authentication-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a97fd474e8661c575287f7cc9fddd0ee1ac95240c13653555ca2b416e895b99a The OpenSSF Package Analysis project identified 'editorial-mse-authentication-ui' @ 99.0.1 npm as malicious. It is considered malicious because:...
Malicious code in @databus-service-ui/ui-event (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...
Malicious code in verify-mycommand (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUBREPOSITORY, NODEENV...
MAL-2026-4289 Malicious code in @stockrepublic/republic-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...
Malicious code in @stockrepublic/republic-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...
MAL-2026-4290 Malicious code in clipboard-guardian (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...