2 matches found
MAL-2026-6499 Malicious code in mongoose-json-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3dc63cdceb40d6f0fe338bcdbe589689ab2897f44cbb6b7c3d0192b5bd09c5 On require, helpers.js instantiates a Helper whose constructor invokes createLog. createLog base64-decodes the string assigned to HASHKEY decoding to...
MAL-2026-6066 Malicious code in quirky-token (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...