54 matches found
MAL-2026-10613 Malicious code in ethereum-lib-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...
Malicious code in tailwind-animate-v4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd43366b04ea80c2244079c09602623af157ce00cba9ae1837005b97ffe44bdb The package presents itself as a Tailwind CSS animation plugin and reproduces the legitimate tailwindcss-animate source including its original author...
Malicious code in vps-new-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a87c3a5996e3d81f13922de94c19e39af1be7c9b6920fc9ade4f43edd838b7 The package's main entry dist/index.js re-exports createServerAdapter from./server/index.js, causing that module to evaluate on any require/import of...
Malicious code in @osmura/treeify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4643c1f27e4916ea6090f1e6196c980fa1d65b96899a80b1f57633eaf16a61a9 The package republishes the upstream treeify library Luke Plaster, repo notatestuser/treeify verbatim under the unrelated @osmura scope, preserving t...
Malicious code in mongoose-json-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 910cc6eef707ac872daeb3a527e6dd9c75044ebb178f9eb48745f5cfd4123968 helpers.js defines a createLog helper that base64-decodes a constant HASHKEY to https://www.jsonkeeper.com/b/XVHGD an anonymous JSON-paste host and...
MAL-2026-6499 Malicious code in mongoose-json-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 910cc6eef707ac872daeb3a527e6dd9c75044ebb178f9eb48745f5cfd4123968 helpers.js defines a createLog helper that base64-decodes a constant HASHKEY to https://www.jsonkeeper.com/b/XVHGD an anonymous JSON-paste host and...
Malicious code in typedecode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 593662d3b4cda901642b713f419417807a33f3dca74e818f66e8d0cf9ebcf6e3 On require'typedecode' / import 'typedecode', the bundled dist/index.cjs and dist/index.js execute an obfuscated import-time payload. A bootstrap.js...
Malicious code in ts-grok (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a981e7e3ba27d859a2c536cbc25c04ebece92e1992035226ea9246d8bd381f1d Package ts-grok ships a verbatim copy of big.js v7.0.1 same banner, author 'Michael Mclaughlin', repository URL https://github.com/MikeMcl/big.js.git...
Malicious code in @thymelab/logfx (npm)
@thymelab/logfx malicious version 2.15.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...
Malicious code in new-eslint-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...
MAL-2026-6225 Malicious code in new-eslint-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752e7f074edbf8521da2ee0b7c68c28a2f76d86576138df8f18e08aaa3a5c38 Package is published as 'new-eslint-1' but its package.json description, README, repository URL MikeMcl/big.js, and source are a verbatim copy of...
Malicious code in ts-big-ecro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09cc5687efdad86354f994af9fa7d7c28fbc21d7b5b4558870aba1c05dcf425b ts-big-ecro is a verbatim copy of the legitimate big.js library MikeMcl/big.js v7.0.1 with its name, repository field, and copyright preserved to...
MAL-2026-6199 Malicious code in ts-big-ecro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09cc5687efdad86354f994af9fa7d7c28fbc21d7b5b4558870aba1c05dcf425b ts-big-ecro is a verbatim copy of the legitimate big.js library MikeMcl/big.js v7.0.1 with its name, repository field, and copyright preserved to...
Malicious code in new-ecro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7492a140547cea0957bc705d365e19806091462a249c3d5c90b6bfe91e8431c7 Package 'new-ecro' impersonates the legitimate 'big.js' library: it copies big.js's README, source, version banner 'big.js v7.0.1', author email, and...
Malicious code in pino-slite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea546461f3101a972511a0bb9d66b73849904ad3522724d1670b003e108c11bb pino-slite impersonates the legitimate pino logger README titled 'pino-slite Pino' with badges and homepage pointing to getpino.io, exported function...
Malicious code in react-json-chalk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...
MAL-2026-4792 Malicious code in react-json-chalk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...
Malicious code in test-nonmal-pkg-5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f52d81c9285fd103cfe5f8dc724c173c1b4e57e96cd56313cec119fbbbc9982 index.js is hex-name-obfuscated 0x-style string array and, on require, enumerates the entire process.env via Object.keysprocess.env into a snapshot...
MAL-2026-4785 Malicious code in test-nonmal-pkg-5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f52d81c9285fd103cfe5f8dc724c173c1b4e57e96cd56313cec119fbbbc9982 index.js is hex-name-obfuscated 0x-style string array and, on require, enumerates the entire process.env via Object.keysprocess.env into a snapshot...
Malicious code in jsontoken-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59a8a8ab722d33bdd2ea25422aaf7e607a1b1a881446c3561ec8225fb9187742 On require/import of jsontoken-extend, sign.js executes a top-level IIFE that base64-decodes a hardcoded string to https://www.jsonkeeper.com/b/XAMRK...