MAL-2025-47300 Malicious code in config-cordova (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6be890bb2add4317485a3489a291b37fc52ecb9b16d9d5f5f1a6c67421c14c6 Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in @things-factory/auth-base (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db891d17c83cd814d4976534e1ff8e7675f41f0c50baedecafab80bcdf4156fb Any computer that has this package installed or running should be considered fully compromised. All...

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub , experts warn. The malware, which briefly infected multiple code packages from the securit...

Malicious code in @crowdstrike/logscale-search (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf328d64388e35603ec9a233e2d1ba28fa6fd2508bf245a22733a1818a670e92 Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47353 Malicious code in thangved-react-grid (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb6134bdc146e263c03b7d3570bbacb8e08229e146913f1c48c206423f98b2eb Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47336 Malicious code in oradm-to-gql (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0ac4253913c37f56a9ee729dd49820eda47882515ce23f981c61b39f249ecf4 Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47313 Malicious code in eslint-config-teselagen (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89578bb497a4146350263dc8ff6e50c742f9272af2886bd5afc2e0b26160082f Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in koa2-swagger-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31fd12270f2d2a5b53bfaf3aabcbae8d26a7eec21613c28e4673369a33025ba5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @ctrl/torrent-file (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff09406779243d2fc9bc760936ed5d719341a950dcd013607c74fb31c9b437f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...