173 matches found
MAL-2026-4116 Malicious code in @antv/x6-vue-shape (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4148 Malicious code in miz (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4119 Malicious code in @antv/xflow-core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3899 Malicious code in @antv/f2-wx (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3924 Malicious code in @antv/g-mobile (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3978 Malicious code in @antv/g2-plugin-slider (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3883 Malicious code in @antv/f-lottie (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3953 Malicious code in @antv/g-plugin-svg-picker (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3902 Malicious code in @antv/f6-core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3871 Malicious code in @antv/dipper-hooks (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3850 Malicious code in @antv/algorithm (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
Malicious code in @voiceflow/dependency-cruiser-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f310f0649a09ab3e8f8ca155d2067e1f39ad9ac40a987851fd0dd352ffc268fe The package @voiceflow/dependency-cruiser-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in @dev-blinq/ui-systems (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ce530512b608913637db50ce0058d08d5afb8173c8b5968023c9b9665bcde49 The package @dev-blinq/ui-systems was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191360 Malicious code in @voiceflow/nestjs-redis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e418bb230f36e6cbd5feaa2ec800cf58fa1e701bcf7b8fd1dd8806223a94c645 The package @voiceflow/nestjs-redis was found to contain malicious code. Source: ghsa-malware...
Malicious code in @afetcan/storage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4abbde27cce56326711e4e32f42572cb60977ca7ccce4ebf1fcfa558a847c1a6 The package @afetcan/storage was found to contain malicious code. Source: google-open-source-security...
Malicious code in @browserbasehq/stagehand (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0147cee6c903a9fd8dabfedd42c60df91437e6a7a750bebff3c26ce687d4443a The package @browserbasehq/stagehand was found to contain malicious code. Source: ghsa-malware...
Malicious code in @oku-ui/alert-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824a69f83431a766f681bc72d705ff3b28ae9309898b4ad10979adca148f2276 The package @oku-ui/alert-dialog was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/arrow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 085e9cbdb891d5b550a81a42584b1cdd8ab001a9443b162158aa633ce18b1e06 The package @oku-ui/arrow was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/direction (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 572259c931f7e9ea0c8cd7b3beead49e6d4c490154b7f692c0547ea136c2b6b4 The package @oku-ui/direction was found to contain malicious code. Source: google-open-source-security...