2 matches found
MAL-2026-4018 Malicious code in @antv/github-config-cli (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2025-190686 Malicious code in @trigo/jsdt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff5aae2e5762514a4d2a304a2ceb36d9b895c8bd88c9a6303752aea4b078119f The package @trigo/jsdt was found to contain malicious code. Source: ghsa-malware 91f1b0ba55c42b887eade435580838bef529a7fe7a9b9fd8b3cd05ada0528cc7 An...