311748 matches found
MAL-2026-4452 Malicious code in @tailwind-core/webpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7955094460738dc65288f88a3bb990c7d3ff52ed3683f11265b7072bd80aa4e3 Package @tailwind-core/webpack impersonates the legitimate Tailwind v4 webpack loader @tailwindcss/webpack. The README copies Tailwind Labs branding ...
Malicious code in @solarcraft/observix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c39608a172a624520f309b572b40636dc51563f85fe89dac968712490dd40f The package advertises itself as a zero-dependency colorized logger similar to pino-pretty, but dist/index.js does require'./logger' purely for its...
MAL-2026-4571 Malicious code in get-deps-path (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...
Malicious code in truffle-config-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook package.json line 13 issues an HTTPS GET to...
MAL-2026-4249 Malicious code in truffle-config-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook package.json line 13 issues an HTTPS GET to...
MAL-2026-4532 Malicious code in code-tool-langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...
MAL-2026-4579 Malicious code in hpsetup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...
Malicious code in etherjs-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...
MAL-2026-4239 Malicious code in etherjs-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...
Malicious code in @mcpassure/mcp-cnes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7 dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...
Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
MAL-2026-4244 Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
Malicious code in chainlink-price-feed-aggregator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 557bc05b86e81155a6305c13693641f32ca21520bac827af82b2a785f4f669d4 Package name impersonates Chainlink branding while being published by an unrelated identity author 'Web3 Developer Tools ', repo github.com/web3/...
MAL-2026-4233 Malicious code in chainlink-price-feed-aggregator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 557bc05b86e81155a6305c13693641f32ca21520bac827af82b2a785f4f669d4 Package name impersonates Chainlink branding while being published by an unrelated identity author 'Web3 Developer Tools ', repo github.com/web3/...
Malicious code in ganache-cli-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 144bbaf975156b3114f5526a7e9a8ffbe8eb411a541c7e457b7bf444200a02c5 Package name impersonates the widely-used ganache-cli Ethereum development tool but ships only a 138-byte index.js stub that wraps...
MAL-2026-4243 Malicious code in ganache-cli-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 144bbaf975156b3114f5526a7e9a8ffbe8eb411a541c7e457b7bf444200a02c5 Package name impersonates the widely-used ganache-cli Ethereum development tool but ships only a 138-byte index.js stub that wraps...
MAL-2026-4248 Malicious code in solna-web3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6076f4236301f997d420c7daba9b12c035fe2866fa9fa42f59be230b5e90350a Package name 'solna-web3' is a one-character typosquat of the popular '@solana/web3.js' drops the 'a' from 'solana'. The package's only real...
MAL-2026-4247 Malicious code in solana-pda-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932b19a77a3ac634909a0f284df48d9b2a8b28f9c5370bd50306d7ba5a1335e9 On npm install, package.json's postinstall hook runs node -e to issue an https.get against...
MAL-2026-4241 Malicious code in foundry-deploy-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ad9106b013b6e68056e1afe40a833d89b1c2037aab7b67d4b24bba1dbf4c77 package.json declares a postinstall hook that runs node -e with an inline childprocess.execSync invoking curl -fsSL...
Malicious code in foundry-deploy-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ad9106b013b6e68056e1afe40a833d89b1c2037aab7b67d4b24bba1dbf4c77 package.json declares a postinstall hook that runs node -e with an inline childprocess.execSync invoking curl -fsSL...