550 matches found
Malicious code in abuden222 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c141ada78ccdede0bb49a76d998fcf07eb4cc60c58cce5fdc1b5933b85a817d The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden217 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42fce03517a0e7a241f99d0ce806a5bb90a4f70b083a2997c80868f3bc37d4b4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sleek-pretty (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba44435dd6e0686c11ff8a9e27c60eef2f2fbdbcdbd0c3936d1f07cc78d38090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in terminal-prettier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c7e821d2559361693f75e32b42a5e7a0eef5d99c723d0e35b06f12fd91e9600 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @huobi-ui/activity-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2dc07679f0c801fbb465a2502687e29ed687871964c5d84c0dd5f2b7f94e8ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @muaththir/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...
Malicious code in @mastra/clickhouse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea737d5664a4642538e7e34488a6b0a8df3156828a62e33ada84544a33b214b5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in solidity-abi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d00c844413b4c809e5d57d1952a17f67f2c72324fd379c91d5fdd8aa3fdd9da9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-schema-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d68e7e22dfa399a34405dd3c5824b27aa46ef7773d2bad7b4b698c77f17ccf1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in motion-ui-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddce58f1bde22bf0563aee5f71aefe48c82ad61076557935bf8fff16eb9df3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @gbrlxvii/ts-project-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...
Malicious code in sol-coverage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6ac3d8c51b3f87a97b7b9724145b73d894fc4027da14122aea3eb6d51bfb671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3589 Malicious code in nextmove-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df7f916a0e0b35995c3bb3ad68e6686d75a52472172d505eee44bf060e54c105 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pi-exa-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75549c181fe30d370fa436cfe9a04d0df8fa0270b0d022bd5e69b780fc5c10ea The package pi-exa-mcp was found to contain malicious code. Source: ghsa-malware 8b7369c9538e4cea56d92cc659b74b1243d5fd03b619c23d32a85c21b5c8981a Any...
MAL-2026-2690 Malicious code in @pnc-ref/harmony-support-v18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...
Malicious code in @c8o/nimbus-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8225c79aa127203c225df747705db370e11cfae184af100a063b2dfa4eb20eb8 The package @c8o/nimbus-core was found to contain malicious code. Source: ghsa-malware 23fd3197db4264e7b8ef6d65380e017c5b205b46a8e732df586feffcf3c7c7...
MAL-2026-2129 Malicious code in express-session-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3beac16c32c8776482bafbb2ad95b50b7b18bf6e93fbf712238f60a4d7ae363d The package express-session-validator was found to contain malicious code. Source: ghsa-malware...
Malicious code in falcor-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9785eb8c1ddee20b09854389d561efd036035d846771b120bb4d7c412816f19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2051 Malicious code in @emilgroup/insurance-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddc13f3218d4cac889a3d7c9d646430c04959f242c5c6cb593d3a31f84baa7a4 The package @emilgroup/insurance-sdk-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in @emilgroup/accounting-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b18ede5b5fb4b02a83fa00e0ee9bed39f2a9aa04a952734abf0022f00f7bf4 The package @emilgroup/accounting-sdk-node was found to contain malicious code. Source: ghsa-malware...