6 matches found
MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...
Malicious code in eslint-plugin-superhuman-custom-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e50258e14acd3712854f3059d043b8c4982563ab8d401555b253702a3212279 The package eslint-plugin-superhuman-custom-rules was found to contain malicious code...
EUVD-2026-3169
Malicious code in eslint-plugin-fuel-react npm...
EUVD-2025-176037
Malicious code in technosignature-eslint-plugin-deimos-stop npm...
MAL-2025-142206 Malicious code in eslint-config-prettier-plugin-markdown-zephyr-airbnb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b3ef52b43da2fe6d4c198943373ceb6eaaa3a2711589e609220e6dcda6cf2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-plugin-amphtml-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35f43ba909b0b64bd2035c4e01d64c2f6f506ee7a3be8161a2c16aeb01d93863 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...