311553 matches found
Malicious code in shiroai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cde2f64fd59e62071433f92eab83a4817f0b306ff1735aa8c31ae31dcaf9830 shiroai is advertised as a CLI where the installer authenticates with their own API key via shiroai login . In practice, cli.js ignores any...
MAL-2026-4669 Malicious code in shiroai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cde2f64fd59e62071433f92eab83a4817f0b306ff1735aa8c31ae31dcaf9830 shiroai is advertised as a CLI where the installer authenticates with their own API key via shiroai login . In practice, cli.js ignores any...
Malicious code in whatsfly-labfox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44d4a24d293f810bd11587936b79a835fb0671b7af961328f836d57c7b0c4514 Runtime observations from install-time sandbox execution of the package...
MAL-2026-4776 Malicious code in whatsfly-labfox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44d4a24d293f810bd11587936b79a835fb0671b7af961328f836d57c7b0c4514 Runtime observations from install-time sandbox execution of the package...
Malicious Package
Overview build-scripts-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in wallet-agent-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb49d047eeab68307095cf3a30ff0d42d745855890f181e4cb53dc2f6903e91 dist/agent.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org used in a fetch/POST call near references to process.env. The...
Malicious code in harness-skil (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e03ab8467953cd2233e07e792a33c7df7be2c99c66da3b814538a169337b93e6 The package's install.js wired to an npm install lifecycle hook requires childprocess, fs, and https, then issues an https.get to a...
Malicious code in openprompt-lang (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c9966d5fe1ab82b40fd24082c36cc9acf5677772768f75b30cda755d9cdd98f scripts/postinstall.js runs unconditionally during npm install. When the opencode binary is not on PATH true for nearly every fresh install, it...
MAL-2026-4630 Malicious code in openprompt-lang (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c9966d5fe1ab82b40fd24082c36cc9acf5677772768f75b30cda755d9cdd98f scripts/postinstall.js runs unconditionally during npm install. When the opencode binary is not on PATH true for nearly every fresh install, it...
Malicious code in @gbrlxvii/ts-project-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...
MAL-2026-4299 Malicious code in @gbrlxvii/ts-project-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...
Malicious code in pewter-constantstest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry...
MAL-2026-4384 Malicious code in @dreamlake/lakeshore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef6f14503697000ebd139364326d859a625a27a669e6f53b3e7a9388c3b0b25 On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...
Malicious code in @dreamlake/lakeshore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef6f14503697000ebd139364326d859a625a27a669e6f53b3e7a9388c3b0b25 On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...
MAL-2026-4578 Malicious code in hiura-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...
MAL-2026-4548 Malicious code in dds-js-idl-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6 On npm install, the package's postinstall.js runs whoami and reads os.hostname, os.platform, the current working directory, and CI-related environmen...
MAL-2026-4683 Malicious code in tax4all-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411707aa243c516b714830da4805c4abacaa4d5f7e2e8959773cd93468dd78aa The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/[email protected] — the...
Malicious code in llm-context-compressor (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in dev-env-bootstrapper (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in prompt-engineering-toolkit (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...