Malicious code in groq-link2 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41bce2830a85a25120da79481083dd6be69ce23b29f67ed7678a9009bbdb71f7 The OpenSSF Package Analysis project identified 'groq-link2' @ 1.0.23...

Malicious code in internal-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0d00b355d25f3b655de9e0b371123c75c0761a20b1bb05f7d45dcf595586070 The OpenSSF Package Analysis project identified 'internal-utils' @...

Malicious code in @frontend-clients/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7fe458099d7b7c0662a9f2283b87071d2afc98b120e402fc20ce916a5b5962ff The OpenSSF Package Analysis project identified '@frontend-clients/design-system' @ 10.0.0 npm as malicious. It is considered malicious because:...

MAL-2025-5175 Malicious code in test-package-vans (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 27c1fc3b6a086e894434a4bb93a7280083831b719de5259c00fa388ac3e4c1f4 The OpenSSF Package Analysis project identified 'test-package-vans' @ 1.1.1 npm as malicious. It is considered malicious because: - The package...

MAL-2025-5007 Malicious code in reoregistration (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 78444474811c971e219548f0c559d06bef5a4e4cb65703c5ad604ce64f3d0a4d The OpenSSF Package Analysis project identified 'reoregistration' @...

MAL-2025-4931 Malicious code in volehai-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 695b1f1647ff88855017c178d47ab04527b14c3817e9b4ed343c1220cc7b18df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4669 Malicious code in world-id-poap (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bdb64432a67fa7109c5ee4d1d5b94d0127eaedab876302eb3b246ae55b111498 The OpenSSF Package Analysis project identified 'world-id-poap' @ 1.0...

Malicious code in bombomfortester (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2119b099a99b02e77d8dffa997198ef3e58b31b1073e8d0d8ba4e56c36bf2cda The OpenSSF Package Analysis project identified 'bombomfortester' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...

Malicious code in studocu-extension-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b65c603a493cae2050aa25da30a9442d60b84baa80985df69af20af3e08fc9f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2800 Malicious code in eqbank (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1cb4c6c3534c2743f4bda73f51a773076db5813a4a72f7117d73feb0475ce70c The OpenSSF Package Analysis project identified 'eqbank' @ 1.0.0 npm as malicious. It is considered malicious because: - The package communicate...

Malicious code in tree-sitter-erlang (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 712279ef7d69026b60fa7e5d9007249ac05502576b2a1164da1dbafca2be44f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2488 Malicious code in antlir2-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 580dffd4893c96ae46965b4244381b9fcc03d13cdd1cf32b89bb7a0eee2521e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12115 Malicious code in distylai (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc9a8e5f3990caec837683f3eb8d7da8675e47e9ba392de34e502182e6127349 The OpenSSF Package Analysis project identified 'distylai' @ 1.2.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-11896 Malicious code in haefgerasgrae (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c51eb8de5b4c76701af20deeb703ba85374c2036c17fd5bcd09b7b0233c6ae34 The OpenSSF Package Analysis project identified 'haefgerasgrae' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...

MAL-2024-11797 Malicious code in testin-elengos (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a8b81d93eabbd732b074f3694f5d0bd4969f90c18eceb07c91c188cba1f26b5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in paypal-js-root (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6775b74cea176b7aaff3429e4e55a224d9f03da9865a07c99940ff7f0cf1162 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in lib-jitsi-meet-sample (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0247e3f2877ee9dba4689c00ae13db004afaea694957dfb979bf3cfbd1ef9e31 The OpenSSF Package Analysis project identified 'lib-jitsi-meet-sample' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

Malicious code in symphony-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ac47d747638835685ead66cf3fe6fc737f93e540093a4f94b0148b45db3c3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10818 Malicious code in tautoak4-hello-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f0a170170a102f43fd03d3b08bbcb53a572a5f48cde13250b3059ff3b332404a The OpenSSF Package Analysis project identified 'tautoak4-hello-world' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...

MAL-2024-10712 Malicious code in aptos-mint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 36708bd8a484a66c209db0503bcb408bda289bc62ccb62bf603f1351229362ea The OpenSSF Package Analysis project identified 'aptos-mint' @ 0.0.1 npm as malicious. It is considered malicious because: - The package...