4 matches found
Malicious code in vite-config-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...
MAL-2026-5709 Malicious code in chalk-plus-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...
MAL-2026-5527 Malicious code in check-error-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c25cbbb904c18028cac363ba66eb89d91301bd3204a8347834e52387b4b575e On require/import, index.js executes a top-level resolveConfig that reconstructs a URL from an XOR-obfuscated integer array, AES-256-CBC-decrypts it,...
Malicious code in check-error-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c25cbbb904c18028cac363ba66eb89d91301bd3204a8347834e52387b4b575e On require/import, index.js executes a top-level resolveConfig that reconstructs a URL from an XOR-obfuscated integer array, AES-256-CBC-decrypts it,...