MAL-2026-4375 Malicious code in @citely/mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55faa6dd8d70be846b57b28ce2665a4a6bc1eafa6898f5f4f2cc8b25d96e1358 On startup of the documented entrypoint npx @citely/mcp-server, setupServer unconditionally invokes void runHarvest in dist/index.js. The harvester...

Malicious code in @citely/mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55faa6dd8d70be846b57b28ce2665a4a6bc1eafa6898f5f4f2cc8b25d96e1358 On startup of the documented entrypoint npx @citely/mcp-server, setupServer unconditionally invokes void runHarvest in dist/index.js. The harvester...

Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

Malicious code in @piewasm/pie-web-npm-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...

Malicious Package

Overview is-really-odd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in psxjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e35a394cc807b2caa1d45bd9b925cc8be925b3c77c6166e5aaccce5c157c025 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4170 Malicious code in psxjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e35a394cc807b2caa1d45bd9b925cc8be925b3c77c6166e5aaccce5c157c025 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in chai-as-attracted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc726eb0d6a986c4aa12ce23076c18cffa97d0f840303cac65d06415b42e1f70 The package chai-as-attracted was found to contain malicious code. Source: ghsa-malware...

MAL-2026-4167 Malicious code in chai-as-attracted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc726eb0d6a986c4aa12ce23076c18cffa97d0f840303cac65d06415b42e1f70 The package chai-as-attracted was found to contain malicious code. Source: ghsa-malware...

MAL-2026-4168 Malicious code in chai-as-vec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...

Malicious code in chai-as-vec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...

Malicious Package

Overview chai-as-elevated is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @openclaw-cn/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85fb1bd455a85140d13ec5cb826c0f8c6164c87a6eeacd72f7fc525440b76f24 The package @openclaw-cn/libsignal was found to contain malicious code. Source: ghsa-malware...

MAL-2026-4161 Malicious code in @cap-js/openapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243c059793e8b277fc77959046b7b064cb740d568fa53e4d30b9075660d9dab5 The package @cap-js/openapi was found to contain malicious code. Source: google-open-source-security...

MAL-2026-3842 Malicious code in @openclaw-cn/feishu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72acc504960341d0f2a0b6ba0a82ddc76c32b683b772d8a95a4d7193abe5760 The package @openclaw-cn/feishu was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3841 Malicious code in @openclaw-cn/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 808f63e2460f19f5e3d3bd28745eaeb5f17a47226ad02c681e11069cd632765d The package @openclaw-cn/cli was found to contain malicious code. Source: ghsa-malware d44ce935cfbfa6f605998045f46eaa7a822658868ff8d774097bf02185e78a...

MAL-2026-3845 Malicious code in @starmind/collector-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33a028c205d18a30d3ff150b1653336fefa0ac86a6e5242811b6fb2c3283af21 The package @starmind/collector-cli was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3843 Malicious code in @openclaw-cn/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85fb1bd455a85140d13ec5cb826c0f8c6164c87a6eeacd72f7fc525440b76f24 The package @openclaw-cn/libsignal was found to contain malicious code. Source: ghsa-malware...

MAL-2026-4178 Malicious code in sickle-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cf0ce8be09572968ecc56d1879825b49624c7346a7391f203ea27e9ed0805674 The OpenSSF Package Analysis project identified 'sickle-wrapper' @ 0.2.0 npm as malicious. It is considered malicious because: - The package...

MAL-2026-4037 Malicious code in @antv/l7-district (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...