Malicious code in @sec-loans-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...

MAL-2026-4432 Malicious code in @sec-loans-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...

MAL-2026-4465 Malicious code in @web-3d-tool/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e96a726cf0732113215b2026a7a59fc6bf471f86d34153fea3a0e32b275fb5 @web-3d-tool/sdk is a near-empty package trivial 35-byte index.js, empty author/description metadata whose only effect on install is to pull in a...

CVE-2021-28099

In Netflix OSS Hollow, since the Files.existsparent is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

EUVD-2025-98174

Malicious code in hollowspiderz3n npm...

EUVD-2025-74572

Malicious code in hollowmeerkattan-52 npm...

MAL-2025-103741 Malicious code in hollow_dinosaur-silentdev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8a7ef8b88ccf1ad7efe32f7bb8520f604fb0eae09220aef1dd870478c0e6593 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-76655

Malicious code in hollowdinosaur-silentdev npm...

Malicious code in hollow_gibbon_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 870f8a5699f306fade227e67945b4f289c00a09419ec9bba863d5614653e3dbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-81689

Malicious code in hollowshark0xrequest npm...

Malicious code in hollow_mosquito_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dba94db2447a6e736219cdf3bd637aeee307a48d10542b45abacc8319d3bf21d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-81691

Malicious code in hollowmosquito0xrequest npm...

MAL-2025-103747 Malicious code in hollow_sturgeon_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecfec670628cf2f9e0a159d2b7f22873797f7a440cba9afdd7fe6dc9999e5ea9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-81690

Malicious code in hollowporcupine0xrequest npm...

MAL-2025-103748 Malicious code in hollow_toucan_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e48c682edcbcca51ddac14ed3b84e4ffc39b380ba905fafc686a31d27515eff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-69946

Malicious code in hollowtoucanz3n npm...

EUVD-2025-63716

Malicious code in hollowleechz3n npm...

EUVD-2025-63715

Malicious code in hollowmartenrequirement npm...

MAL-2025-94838 Malicious code in hollow_leech_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dba55198bb7f5fcbae967e4871322d2a2d29f58f8b7fae98759cce2252c302b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-63718

Malicious code in hollowbassz3n npm...