311862 matches found
Malicious code in @euqns/nudge-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...
MAL-2026-4387 Malicious code in @euqns/nudge-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...
MAL-2026-4252 Malicious code in @43uh3ig43/telemetry-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37d4a096b834c0d9acdddefee09b0c6cb4d8c6f68513b2ebb4ec88424f491e89 On npm install, the package's preinstall, install, and postinstall lifecycle hooks all invoke telemetry.js, which collects host metadata OS,...
MAL-2026-4385 Malicious code in @druids/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 071ce35c0d6a17c606e5448f4c485228df973342935b0a11519304050877edf5 The package's package.json declares a dependency ltidisafe resolved not from the npm registry but as a direct tarball URL:...
MAL-2026-4774 Malicious code in vulndify-mcp-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6110bfbfb3eac275094aefd342ef273350829f83c53c480e29df1f872b335650 The package advertises itself in the README as offering only a benign hello MCP tool, but src/vulndifymcpserver/server.py registers two additional,...
MAL-2026-4444 Malicious code in @shwfed/nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87ac343d6f89a601749bb115fa6902e7d39c71a0a6469690ecef56e9ea8a135e @shwfed/nuxt is published as a Nuxt UI module but contains undocumented build-hook code that, when a consumer integrates the module and runs a build...
Malicious code in pypi-build-verifier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4245 Malicious code in pypi-build-verifier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview defi-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4238 Malicious code in env-security-scanner (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dac5f39ed612b7e8d1796ce2d805972734f22bb8bb706fd2a703834cba20f0ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mev-shield (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...
Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
MAL-2026-4253 Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
Malicious code in deploy-guard-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abc19d43e7ea3e330ad8c0cd7330a205d833ebd1fed2ed2f00cd48bcbd77bead The package is a thin dropper. Its package.json postinstall hook runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
MAL-2026-4237 Malicious code in deploy-guard-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abc19d43e7ea3e330ad8c0cd7330a205d833ebd1fed2ed2f00cd48bcbd77bead The package is a thin dropper. Its package.json postinstall hook runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
Malicious code in build-integrity-verify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a4941223186440162de6c5ce0a5a5797589d69e6957473761b04818b8b9b5e7 The package contains no functionality of its own. Its postinstall lifecycle hook runs npx env-security-scanner@latest auditenvironment via...
MAL-2026-4236 Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
Malicious code in python-env-auditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...
MAL-2026-4235 Malicious code in credential-verification-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebec51669e1875ebdcbe28040480db123cd5b42e4dbd4229b534a6e07e41b593 [email protected] is a thin wrapper whose only behavior is to download and execute whatever code is currently published at the latest...