MAL-2025-6793 Malicious code in productboard-eslint-plugin-relay (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 50a95e4b008863c195930bcd301dd1f243002839a301a5be5d0078cab7b22786 The OpenSSF Package Analysis project identified...

MAL-2025-6349 Malicious code in inditextech (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 455c80b36b4b1ba97172a5cd0ebbe04c6b7fd35f405aeaa3d570ae77522dc433 The OpenSSF Package Analysis project identified 'inditextech' @ 10.0.3 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6257 Malicious code in redux-saga-channel-end-rce (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3c0fde8502cb19eb266cf53e69e92a54e426d6996f99eefd2c3ecefd5db7cc43 The OpenSSF Package Analysis project identified...

MAL-2025-6266 Malicious code in @teamstelemetry/shared-logger (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-6221 Malicious code in creditorwatch (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8e512b66a32adafac8cde5bf65b57c17c80568658cec0a3a723b1cf9f5a46e2 Any computer that has this package installed or running should be considered...

MAL-2025-6072 Malicious code in anchor5 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f8d44079a1abc61c092193be41f21fe5d45b1f7231f539e42efbef50278baa80 The OpenSSF Package Analysis project identified 'anchor5' @ 1.2.0 npm...

MAL-2025-5847 Malicious code in vtk-osmesa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 910e787804512eabe1c118f5347fed9f57ca936717e18a80d26622108d75399e During the installation, sensitive information are exfiltrated incl. env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2025-5821 Malicious code in preview-server-auth-test (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-5651 Malicious code in @laredoute/design-tokens (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e56fdae15fb0b525a4212e71ff9dd4ec7cd0e3f4076552ec379c49c8f4a4e899 The OpenSSF Package Analysis project identified '@laredoute/design-tokens' @ 0.1.55 npm as malicious. It is considered malicious because: - The...

MAL-2025-5334 Malicious code in workflows-template (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e1496b26e69a907ccdfa4de45ea382e2c22b156aaa97629f76574f17d12eff2 Any computer that has this package installed or running should be considered...

MAL-2025-5321 Malicious code in sdk.babelhelpers (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ecc77e86573c3fd986a8fac35d0368893554af91bcf9f31d8e0c2fa342d3890 Any computer that has this package installed or running should be considered...

MAL-2025-5279 Malicious code in phantom-labs-sandbox (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9fd1e98be0b346737740a6114c37dc7dd21cd328f21d026e07d9eb0348e43464 Any computer that has this package installed or running should be considered...

MAL-2025-5309 Malicious code in meli-ai-chat-library (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fe9cef75ee52e8b6473470f69a31b8e7057f0fb632c88b89af63c14484d1c13 Any computer that has this package installed or running should be considered...

MAL-2025-5249 Malicious code in nstmrt-stf-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0da052c315a64ad23ddcebd853a91fc2f81597d0cd587326b5f7554911cc9d73 The OpenSSF Package Analysis project identified 'nstmrt-stf-api' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...

MAL-2025-5241 Malicious code in taskcluster-db (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 015560a72e308c3ba1770533176ac7fe0bcfbe4892581829992ee47063774f5c Any computer that has this package installed or running should be considered...

MAL-2025-5172 Malicious code in idse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 869cc34e50a9769a40adaa64071f9f2d1b86bd17671c26b2a790d2b72089dddf The OpenSSF Package Analysis project identified 'idse' @ 1.0.10 npm as malicious. It is considered malicious because: - The package communicates...

MAL-2025-4584 Malicious code in arc-offsec-custom-library2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a8fa793672d2e0686853c58a6768867a936971cb91561c3a1cbcebda67c22121 The OpenSSF Package Analysis project identified 'arc-offsec-custom-library2' @ 1.0.9 npm as malicious. It is considered malicious because: - The...

MAL-2025-3700 Malicious code in airmason-employee (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f8954b40939c6627506907db7e85071941c5095c106f21463227c57f81020a8d The OpenSSF Package Analysis project identified 'airmason-employee' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-3407 Malicious code in my-rei-browser-shim (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c686104ae598e6be85ee3b485920aef58f29d1ece0db3383bbca1afa64b8f405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3139 Malicious code in modeldb-vis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1a96162bc850d1cdd271c5fba070bedf3477359301f09f9991c578413eefc136 The OpenSSF Package Analysis project identified 'modeldb-vis' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...