3 matches found
Malicious code in node-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...
Malicious code in claude-cup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c369ccf7b5e0ef8721b5ecdc94bd843ce260923394f6c513350a58928abdbdd3 On first invocation of npx claude-cup and on every subsequent Claude Code tool call once hooks are installed, research/config-audit.js enumerates eve...
Malicious code in rimraf-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a59d88d733415216903578b3c3806d76405a23a7cca56ee355eb6725e4e930d4 [email protected] impersonates the widely-installed rimraf package index.js is a dummy stub that internally identifies itself as 'lodash-js — Just a...