Malicious code in testzapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5840f2a3b34d7f32de7243a146ecf85ac875bd1ef09b0ba9a395d08e356084f package.json declares a preinstall hook node index.js that fires automatically on npm install. index.js spawns a shell that runs curl -X POST against...

MAL-2026-5575 Malicious code in testzapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5840f2a3b34d7f32de7243a146ecf85ac875bd1ef09b0ba9a395d08e356084f package.json declares a preinstall hook node index.js that fires automatically on npm install. index.js spawns a shell that runs curl -X POST against...

Malicious code in @monitoring-lib/error-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...

Malicious code in @access-risk/browser-remedy-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de4bc9f19feea718e091e9b0a480e9b939cdffa88109375020895c99efa489c On npm install, postinstall.js executes automatically and collects host identity and environment details using os.hostname, process.cwd, and filesyst...

MAL-2026-5520 Malicious code in @access-risk/browser-remedy-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de4bc9f19feea718e091e9b0a480e9b939cdffa88109375020895c99efa489c On npm install, postinstall.js executes automatically and collects host identity and environment details using os.hostname, process.cwd, and filesyst...

Malicious code in menu-filter-widget-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname and sends it to a...

Malicious code in @nstrlabs/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0b1375de7b44594cd3760efb91cb94c8c8b7137322f4597114e314ce5e14e45 On npm install, package.json runs preinstall: node index.js || true, unconditionally executing index.js. The script collects host identity fields...

MAL-2026-5427 Malicious code in @payment-review/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d624eaefbb0245bf0c9a7b598c461a3ba5ec48005cfec223898062741ef8c2e package.json declares preinstall: node index.js || true, so installing the package automatically runs index.js on npm install. The script collects ho...

Malicious code in @card-pci-data/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a82d7b7e7588c4b773e2948eb1707e62f2fcece2bec37a23eda5d5058eae871 On npm install, the package's preinstall hook scripts.preinstall: node index.js || true runs index.js which collects host identity — os.hostname,...

MAL-2026-5407 Malicious code in @card-pci-data/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a82d7b7e7588c4b773e2948eb1707e62f2fcece2bec37a23eda5d5058eae871 On npm install, the package's preinstall hook scripts.preinstall: node index.js || true runs index.js which collects host identity — os.hostname,...

MAL-2026-5413 Malicious code in @klapp-login-platform/native-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b3bc8633d15b44abc90074d3362fd9399f53d10a88e24264caee9d924a72bb6 On npm install, the package's preinstall lifecycle hook runs node index.js, which collects installer-side identifiers — os.hostname,...

MAL-2026-4807 Malicious code in shop-minis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e9e3e4e8e9e12bac20967fa551c549a93915b33007d7e54f8bfe0eed26a216e On npm install, the package's postinstall script postinstall.js, run via scripts.postinstall = 'node postinstall.js' collects host identity — whoami,...

Malicious code in shop-minis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e9e3e4e8e9e12bac20967fa551c549a93915b33007d7e54f8bfe0eed26a216e On npm install, the package's postinstall script postinstall.js, run via scripts.postinstall = 'node postinstall.js' collects host identity — whoami,...

Malicious code in walmart-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6bfb508fa412e49b249eaf5529f175ebb14f0e7d9fe19a119e8cc9acf25505a Package declares preinstall: node poc.js, which on npm install collects host identity os.hostname, whoami/id, ipconfig/ip a output, scrapes environme...

Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

MAL-2026-4688 Malicious code in tempo-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc05637e4f67c7a00ac3b790680f46174243df9c2740a161a029d4b266a79839 On npm install, the preinstall script poc.js collects host identity hostname, username, OS/platform, network configuration ipconfig / ip a /...

Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...

Malicious code in search-connector-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...

Malicious code in zest-product (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...

MAL-2026-4738 Malicious code in zest-product (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...