2 matches found
Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
MAL-2026-4804 Malicious code in @leviyuan/lodestar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c295b3a16fad72f7b165d049e75feb88883dcc1b5b8d9d72b52ac7b40aa09ba The package ships a lifecycle-invoked script dist/lodestar-setup.js that performs an HTTP POST to a hardcoded https://open.feishu.cn endpoint, with...