10 matches found
Malicious code in flatmap-stream (npm)
The package flatmap-stream was found to contain malicious code...
MAL-2025-20690 Malicious code in flatmap-stream (npm)
The package flatmap-stream was found to contain malicious code...
GHSA-9X64-5R7X-2Q53 Malicious Package in flatmap-stream
Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file disguise...
Malicious Package in flatmap-stream
Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file disguise...
Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins
A widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributor gone rogue, who infected it with a malicious code that was programmed to steal funds stored in Bitcoin wallet apps. The Node.js library in question is...
GHSA-MH6F-8J2X-4483 Critical severity vulnerability that affects event-stream and flatmap-stream
The NPM package flatmap-stream is considered malicious. A malicious actor added this package as a dependency to the NPM event-stream package in version 3.3.6. Users of event-stream are encouraged to downgrade to the last non-malicious version, 3.3.4, or upgrade to the latest 4.x version. Users of...
Critical severity vulnerability that affects event-stream and flatmap-stream
The NPM package flatmap-stream is considered malicious. A malicious actor added this package as a dependency to the NPM event-stream package in version 3.3.6. Users of event-stream are encouraged to downgrade to the last non-malicious version, 3.3.4, or upgrade to the latest 4.x version. Users of...
Malicious Package
Overview Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file...
Node.js third-party modules: flatmap-stream malicious package (distributed via the popular events-stream)
I would like to report a case of malicious package flat-stream that made it's way into many other npm packages. One such popular package is event-stream user dominictarr transferred the ownership of an npm module to another user because he wasn't actively maintaining it. That user then added...
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...