MAL-2026-3870 Malicious code in @antv/dipper-component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2025-47406 Malicious code in mstate-angular (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c320e2bfb6910ff89bb8610f780de83ce7f70dee3f8dfd5fff63bfda666a28c Any computer that has this package installed or running should be considered fully compromised. All...