MAL-2026-1486 Malicious code in trello-enterprises (npm)

The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...

MAL-2025-1533 Malicious code in metamask-design-tokens-tailwind (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4376a3d800319e2df7e817984307b066ba79cc3b9f0785a2899c7c6deaf11083 Any computer that has this package install...

MAL-2025-1340 Malicious code in gemini-main (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c09b00286a4703399abe639fd63b221927636bff2eaa714fce91ae4f8c05451c Any computer that has this package install...

MAL-2025-72 Malicious code in tt4b (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 566cb941a2928e1680d09217c711e1a56aa24333a874bd07cff988cfa17e31eb Any computer that has this package install...