
10 matches found

OSSF Malicious Packages
added 2026/05/23 3:53 p.m., 8 views

Malicious code in turbo-axios (npm)

Source: amazon-inspector (62503451ade68043379968f3dc4784fdb66424d55422854514e3ba1b10058324). turbo-axios is a typosquat of the popular axios HTTP client; it re-exports the full axios API and reuses axios's repository/homepage metadata in...

6.6 AI score
Exploits: 0, References: 2
OSV
added 2026/05/22 1:55 a.m., 3 views

MAL-2026-4609 Malicious code in mev-shield (npm)

Source: amazon-inspector (9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec). The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/14 7:24 p.m., 6 views

Malicious code in chalk-utils (npm)

Source: amazon-inspector (d0fe2974289b691a9f5541068f2e399aecb14a719779202ff5999652ffe351db). On npm install, postinstall.js runs a credential and cryptocurrency stealer against the installer's machine. It reads /.npmrc extracting authToken an...

5.8 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/05/10 12:0 a.m., 6 views

Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

5.8 AI score
Exploits: 0, References: 1
Snyk
added 2026/03/12 4:23 p.m., 0 views

Malicious Package

Overview: better-styled-components is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 3
OSV
added 2025/10/29 11:52 p.m., 2 views

MAL-2025-49086 Malicious code in ethetsjs (npm)

Source: ghsa-malware (dbf1d245815ae5573ce88fea42cb604308fd2473b55ebb63f823d33796cff6bd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.6 AI score
Exploits: 0, References: 2
OSV
added 2025/10/29 11:52 p.m., 1 views

MAL-2025-49085 Malicious code in ethesjs (npm)

Source: ghsa-malware (ea9c413600cb75bea29c7e567157efcaa07b76b9efbb30cb378943bd81eb760e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.6 AI score
Exploits: 0, References: 2
OSV
added 2025/10/29 11:52 p.m., 2 views

MAL-2025-49093 Malicious code in zustand.js (npm)

Source: ghsa-malware (61ff018c7bc2d4532beeb07e3738b8dfa2ba8ff0ee82971a9ae6bdba09d4bed8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.6 AI score
Exploits: 0, References: 2
Snyk
added 2025/10/29 4:38 p.m., 2 views

Malicious Package

Overview: zustand.js is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components; it aims to trick users into downloading the package, which contains malicious code. Payload behavior: The malicious payload runs npm...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3
Snyk
added 2025/10/29 4:38 p.m., 2 views

Malicious Package

Overview: typescriptjs is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components; it aims to trick users into downloading the package, which contains malicious code. Payload behavior: The malicious payload runs...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3