MAL-2026-4808 Malicious code in wm-idp-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2acf2a0d94ec1d2bada80f3251f5ecbea64d78ffadcab2b997b9708c2ae71cd package.json declares "node-fetch": "https://registry.ctzbg.com/wm-idp-sdk/node-fetch" — a direct HTTPS tarball URL hosted on a domain...

Malicious code in @sec-loans-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...

Malicious code in @riskine-frontend/design-elements (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 307db7b976bd8c59b1e8e8247fee9f91ab6a353bf0ae6aa129ceb8e552d6814c @riskine-frontend/[email protected] is a near-empty package whose only effect on install is to pull an external dependency. index.js contains ju...

MAL-2026-4425 Malicious code in @riskine-frontend/design-elements (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 307db7b976bd8c59b1e8e8247fee9f91ab6a353bf0ae6aa129ceb8e552d6814c @riskine-frontend/[email protected] is a near-empty package whose only effect on install is to pull an external dependency. index.js contains ju...

Malicious code in @trackking/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64d51e587bc0b6508fa3d38027f18d42d9ab4b6ccdb8dd2760543e8c52d6bb18 @trackking/[email protected] is an empty stub: index.js is module.exports = , package.json has no description, no author, ISC license, and a high-number...