311861 matches found
Malicious code in xarc-webpack-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29d869051afe04db57e24dad1092c70992f83465d60989f5120e17d7fa20310 The package ships a preinstall hook node poc.js || true that runs on every npm install. poc.js collects host fingerprint data hostname, username,...
MAL-2026-4396 Malicious code in @izumiswap/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63bd0a7aaa4ac18d8ae0c57c07bec05cb4f69e8650e77c117d11c048e5cec004 On npm install, scripts/postinstall.js runs as the preinstall/postinstall lifecycle hook and performs an unambiguous install-time RCE. It first...
MAL-2026-4770 Malicious code in spip-pth-demo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...
MAL-2026-4351 Malicious code in @databus-service-ui/ui-event (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...
MAL-2026-4420 Malicious code in @polka-ui/loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f93cf8dde7e6a1252424fc82f38e8502a37d9e427d92d412fd8944c91b8ee5a4 On npm install, scripts/postinstall.js downloads a per-OS payload from https://oob.moika.tech/payload/linux|mac|win, writes it to /tmp/.polka-uiinit....
MAL-2026-4519 Malicious code in chromestaff-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d5fad12014025f37f607a61051a445262f37bcee6682850dfd77cc0dcb0b486 chromestaff-baileys is a fork of the Baileys WhatsApp library that, on every successful WhatsApp connection, silently forces the connected user's...
MAL-2026-4685 Malicious code in tempo-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6790e6e83af71238b9773ae49568f5374d094d23d1a7247ef4560d645ef64024 The package contains a file poc.js that imports os, https, fs, and childprocess; collects host identifiers including os.hostname, os.platform, and th...
MAL-2026-4595 Malicious code in koishi-plugin-fusheng-count (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 060196a35f8eb94f7e91f892daf62aee8e293d16130565dfbc837877df264db5 lib/index.js contains a base64-obfuscated hardcoded user ID Buffer.from"Mjc1OTcyMDE2MQ==", "base64".toString"utf-8" decoding to QQ ID 2759720161 whic...
Malicious code in claude-channel-imessage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...
Malicious code in clawpro-diagnostics-metrics-cls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...
MAL-2026-4527 Malicious code in clawpro-diagnostics-metrics-cls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...
Malicious code in auth-basic-vault (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3227380d9ef91ce63237acc9656b88a50b29aeeb05c594b700c5936a7527543 On require'auth-basic-vault', lib/writer.js attempts to require'authcascade' at module top level and, on failure, shells out via execSync to npm...
MAL-2026-4656 Malicious code in raise-common-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...
Malicious code in jules-standard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68192c93adffde34c344bbc8448fe604a749ba448c9fd982f6ba9f8564ff4705 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-stream-compose (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1b5f1b3bc249263fa62dddbd51e09f4c9073d7807890a85da174bc76affa787 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4330 Malicious code in ts-stream-compose (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1b5f1b3bc249263fa62dddbd51e09f4c9073d7807890a85da174bc76affa787 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4317 Malicious code in jules-standard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68192c93adffde34c344bbc8448fe604a749ba448c9fd982f6ba9f8564ff4705 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @gbrlxvii/ts-env-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a87c7356d89cd5eab9c271d10f1a74e288d09e5cf9333a9ee102ef8a532b31dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-iter-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52fbece62de86bd0498245046503745a1c94d8be949096277c47cd4a01f99dcf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-typeguard-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f74d71bf9db34dbac382712020acc0d441e7921053f6664204f5bbff1906b96f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...