2958 matches found
Malicious code in ecto-spirit-win-k4n8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bca2b14b2c93ed832aa83a138c20bc53b4e053cf282ef5878333b1f50b803e55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5693 Malicious code in sea-bound-siren (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...
Malicious code in ecto-corsair-flag-x9m4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd1e74d04f91a92c7c0205e252bc0002095d0c1ce9b9e9390083d267422e8b10 On npm install, postinstall.js executes attacker logic gated by hostname and working-directory checks designed to fire only inside CTF-style containe...
MAL-2026-5690 Malicious code in ecto-spectral-leak-8d4e2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...
Malicious code in @tenforce/toolbox-fontmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc43bc0434418226ca77115c791ff0ea0031a0d314e73acfe0a62686528ceaad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5656 Malicious code in @integrations-center/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a23606af0a8ca92d6caee4fa3a9171e6268ad073eec054cb0d2835747bf7cbbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pui-diagnostics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5651 Malicious code in ozonex-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5e40322806de6c1fc8ca77941438b3481f3f12059a9c34d13645c2a4b8a82c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in clsx-tailwind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...
MAL-2026-5629 Malicious code in sass-formats (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...
MAL-2026-5630 Malicious code in tailwindcss-animates-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36f982d7c842137890d743938442fe409fd41a786fe5727bcd77277406b2a189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in justgetit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in crypto-promise-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00594a3ae015e55e13c94c904866eae7b86a39b904b2d79469c4b59508c3918f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in argoncrypt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca59273c7d2b5b7797e301ab861354081dbbb6c47209858459be0ada49036167 On require, index.js spawns a detached, unref'd Node child running lib/initializeCaller.js. That file decodes a base64-disguised URL...
Malicious code in martinez-polygon-clipping-simul-dalton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc17081752344fc57ebe6468de5909582aa81fb2957e605ee81aa46252150a0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in npmjs_truffle-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25fbc74fbe261cc7bba8c1f9005f7b7573aff1240a5ac8bbf831a3ce8a7c23e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in solidity-abi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d00c844413b4c809e5d57d1952a17f67f2c72324fd379c91d5fdd8aa3fdd9da9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in plugin-fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85454b4f6eb05f7133937ef6acbdd16ae04b31aaf2b4806bdcac1d845fb80d6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @doaction/wasm-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118555cc138d5dbc40c11c385af69fa4c6c5caa2fc05e6b0b49c65cc69491a78 Package name and description advertise a 'WASM loader,' but the tarball ships no WebAssembly code. Instead, package.json declares "preinstall": "node...
Malicious code in @doaction/sudo-prompt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 488a945e315d4824a3cc9dbb099b6eb414d12692164cb2c965626725ff64776a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...