Malicious code in vite-config-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...

Malicious code in vite-plugin-compress-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f7b2710441863a429a2a1833e06f54e9afc23c87d1b40d7ee09e1995c6a65c2 On module load, this Vite plugin performs an HTTP GET to https://www.jsonkeeper.com/b/XVHGD an anonymous, mutable paste host and passes the response'...

Malicious code in db-dx-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a6cd3a84c38e801823eba4ccf0d4ff2a28f5955309bfb300f7f0f640b1a69b db-dx-connector is a name-transposition of the legitimate divblox package dx-db-connector the package.json even points repository.url at...

MAL-2026-5463 Malicious code in db-dx-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a6cd3a84c38e801823eba4ccf0d4ff2a28f5955309bfb300f7f0f640b1a69b db-dx-connector is a name-transposition of the legitimate divblox package dx-db-connector the package.json even points repository.url at...

Malicious code in react-ui-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c43460df1ee670b8a5982d77e7028aef7df25fa38922f743489fd52b41b5ea Package advertises itself as React polyfills / UI compatibility helpers but ships no React or polyfill code. The exported getPlugin function returns ...

Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...