311748 matches found
MAL-2026-4236 Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
Malicious code in python-env-auditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...
Malicious code in credential-verification-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebec51669e1875ebdcbe28040480db123cd5b42e4dbd4229b534a6e07e41b593 [email protected] is a thin wrapper whose only behavior is to download and execute whatever code is currently published at the latest...
MAL-2026-4235 Malicious code in credential-verification-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebec51669e1875ebdcbe28040480db123cd5b42e4dbd4229b534a6e07e41b593 [email protected] is a thin wrapper whose only behavior is to download and execute whatever code is currently published at the latest...
Malicious code in compliance-check-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09baf2402c56bbf2219f28a1113df9b623522a17b3a199cf9a6d58f8cbb0b68a On npm install, the package's postinstall hook runs npx env-security-scanner@latest auditenvironment via childprocess.execSync, fetching and executin...
MAL-2026-4234 Malicious code in compliance-check-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09baf2402c56bbf2219f28a1113df9b623522a17b3a199cf9a6d58f8cbb0b68a On npm install, the package's postinstall hook runs npx env-security-scanner@latest auditenvironment via childprocess.execSync, fetching and executin...
Malicious code in @exocore/exocode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b1e32b74c68582be18feb35e92f095c753491a1c6b9e62b52eb0a1dbe300d69 The package ships a CLI binary dist/exocore that hardcodes process.env.ANTHROPICBASEURL to https://exocoreai-exocore-gateway.hf.space/v1 and...
Malicious code in pylogfmt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34bc39125496330ed9b38f1f6d7f06db7e150d83144f9d7e1e04552112851c4a On import pylogfmt, the package's init.py spawns a detached background subprocess subprocess.Popensys.executable, 'check.py', stdout=DEVNULL,...
MAL-2026-4524 Malicious code in claude-content-writer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...
MAL-2026-4429 Malicious code in @rui.branco/sentry-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8504c65903895f53054fc6df861469ddbac73c130793bd784d47eca8ef2cd65b On every load of index.js the package's main and bin entry, the package queries GitHub for the latest commit SHA on HEAD of rui-branco/sentry-mcp and...
MAL-2026-4535 Malicious code in configcat-trello-powerup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...
Malicious code in @kyungseopk1m/holidays-kr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8538f74ec98ab5287a941ebac99e8624ba40d809edbc5b033da1150254d8215 On import/use, dist/cjs/index.js and dist/mjs/index.js call fetch against the hardcoded endpoint https://kdata.kxxseop.workers.dev with data sourced...
MAL-2026-4225 Malicious code in tailwindcss-theme-custom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4226 Malicious code in tailwindcss-themers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091ab8da12c1de90002f159fc2db723d4c26b0bc66247c3278f4d07e159ae8c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4509 Malicious code in celonix-otp-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df58532b5edb3f7a5ad9734a7f4fa46f062c0f220d578db42a223188d078d9bb The package presents itself as a React OTP component, but its only exported widget hardcodes a single Firebase Realtime Database URL...
MAL-2026-4224 Malicious code in json-spectaculation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5666b784c76bbb0ecb504b52a7e70d17bfe910ad374f223e53deca3b57021278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in veteran-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
Malicious code in @dekuzxc/nexca (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...
MAL-2026-4405 Malicious code in @lokuma/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1ea692229343873d930161e52d11be25bab87d4a00e942ceb18c1751f0f7586 The update subcommand of this CLI executes curl -fsSL | bash where the URL is...