32104 matches found
Malicious code in jsonfb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc07bf73ed684a1d555baa4dc6cadcd170bde4da4779ef62c0dd3f9cf02c99a Package [email protected] is presented as a JSON.parse bigint helper mimicking json-bigint, and re-using the real json-bigint maintainer's name in...
MAL-2026-10361 Malicious code in omglucidesotuff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in type-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d064750b4e3821d296d538ea749483e3f9cd54299645fc1c895e5c1af3639b5d The package presents itself as pino typosquat; README mirrors pino. The main entry index.js exports a middleware factory that, on invocation, spawns...
Malicious code in type-plint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...
Malicious code in paperclip-adapter-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d49d1a6c5381f58370cbfedc2321bd44796eb4ea79541d967a661760d9759801 [email protected] executes a credential-theft and C2 backdoor automatically on import. The package's main re-exports...
MAL-2026-6784 Malicious code in @marketfront/livestreampreviewpopup (npm)
The @marketfront/livestreampreviewpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0...
Malicious code in polymarket-trading-developer-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30ffc35841039a7a95d8b5590db211f34b662975513f3a054b8be282f0858c99 The package's postinstall lifecycle script performs install-time remote code execution. It reads a bundle URL from a JSON config hosted at...
Malicious code in @appupdate/cdn-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...
Malicious code in velocityfix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...
MAL-2026-6487 Malicious code in velocityfix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...
MAL-2026-6341 Malicious code in react-check-error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d89ef9716015743217a9492f4b4469459da701a1b6198851f1527033f1e5c9ae On require, index.js invokes initMsgCache at module top level. The function derives an AES-256-CBC key, IV, and ciphertext from a hardcoded 161-byte...
Malicious code in @nullzero/urlcat (npm)
@nullzero/urlcat version 1.4.2, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern [email protected], with...
MAL-2026-6209 Malicious code in @antoncarlos1/nodelamp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d930df8b6392b3bbfe3b591d90226374d31fb246e06018521f3f673a815b618a @antoncarlos1/[email protected] ships a single obfuscated index.js that runs a dropper on require. The top-level IIFE constructs a hardcoded IPv4 URL by...
Malicious code in abuden218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e1df12b592dc442d5266d4244831fd0b6ceb94c0960a26815f5fad3246b828 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in set-proto-chain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdb11eef3afbfc268bd48a18737884246861c7ae9e6a3d29901ae1379216c633 lib/index.js contains a base64-encoded URL decoding to https://jsonkeeper.com/b/BN77K, an anonymous mutable paste host that is fetched via axios.get;...
MAL-2026-6145 Malicious code in accordion-animationtiming-authorization (npm)
The npm package accordion-animationtiming-authorization published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component moun...
MAL-2026-6148 Malicious code in async-protobuf-av (npm)
The npm package async-protobuf-av published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
MAL-2026-6178 Malicious code in streaming-downloads (npm)
The npm package streaming-downloads published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in @mastra/github-signals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e263abbd9ed9975f3f8aaecfd1a780616bc3aef00238ed9ba9075b5bf4e38f37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5929 Malicious code in backoffice-charges-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 047eb92a0e8bb401b2c205765616c9b4b715ee7cfd33d2e6ef9dc8d645b77f04 On every npm install, the preinstall lifecycle script node index.js /dev/null 2&1 silently HTTPS-POSTs a JSON payload to https://avamnrwqo7.rbmock.de...