Lucene search
+L

5 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 3:27 p.m.11 views

Malicious code in @dsft/ft-element (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a7ba80413e901c3cf618c92bd61dc6942bf167fac46b0dc7c554a4a06f705c1 On npm install, the package's preinstall hook preinstall: node index.js in package.json executes index.js, which reads process.env.INITCWD, derives t...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:40 p.m.18 views

MAL-2026-5418 Malicious code in @nstrlabs/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7b47a7f81209dbbaff286599b46f4f030ff992b6d0c25d947cc84739b838d9 @nstrlabs/[email protected] is a hollow package whose only behavior is an install-time exfiltration beacon. package.json declares "preinstall": "node...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 1:19 a.m.12 views

Malicious code in audit-logsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f1d266fef23fc79d6af52affefa68c2220baad023d09a7acc4d439a23dfdb69 The package's postinstall script executes shell reconnaissance id || ver && whoami && hostname, fetches the installer's public IP from api.ipify.org,...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/20 2:34 a.m.10 views

MAL-2026-4506 Malicious code in cb-wallet-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d076ee3d487c7c10f785494c4391e39eb327b696224d5653746144fa5ac8d37 Package name 'cb-wallet-data' targets a presumed Coinbase-internal namespace and is published by an unaffiliated party. Both postinstall.js npm insta...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:34 a.m.13 views

Malicious code in cb-wallet-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d076ee3d487c7c10f785494c4391e39eb327b696224d5653746144fa5ac8d37 Package name 'cb-wallet-data' targets a presumed Coinbase-internal namespace and is published by an unaffiliated party. Both postinstall.js npm insta...

5.8AI score
Exploits0References1
Rows per page
Query Builder