Lucene search
K

51 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago13 views

Malicious code in polymarket-kelly-math-stake (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cf5ba9cd75b1a773e3a04e6eb45778894e04fd1d55b2e8ad03ae97deb41d16 [email protected] runs a postinstall script scripts/install-check.cjs that fetches a JSON config from...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in polymarket-kelly-stake-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9798cce0effcbcf5ed3295f322a375bb1a3cbb7e9db4b7d88c802bf5116639e3 [email protected] advertises itself as a pure Kelly-stake math helper but its postinstall hook scripts/install-check.cjs, invoked fro...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 12:0 a.m.6 views

Malicious code in datefmt-helper (npm)

The npm package datefmt-helper is a supply-chain dropper disguised as a benign date-formatting utility its description reads "dates formatting utility with locale support". The package ships no source repository and places its real behaviour in an install script. A postinstall lifecycle hook...

6.5AI score
Exploits0References3
OSV
OSV
added 2026/07/01 12:21 p.m.11 views

MAL-2026-6722 Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
OSV
OSV
added 2026/06/29 4:17 a.m.4 views

MAL-2026-6574 Malicious code in yandex-geobase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f6219d513896736aee31ce33719d6ae2d1f5b03293ecdfe884d944bbb3eb99a [email protected] squats the internal-sounding name 'yandex-geobase' and ships a postinstall script that performs an HTTP GET to a hardcoded bare-...

6.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:21 p.m.7 views

Malicious code in date-format-helper2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66c1775ce65ad47476ee1a0f1c7c5373e61466ec3eb4543cc658e67d2de22960 Package is advertised as a React date-formatting utility, but its postinstall.js performs targeted credential harvesting on npm install. The script...

5.8AI score
Exploits0References8
OSV
OSV
added 2026/06/23 2:12 p.m.6 views

MAL-2026-6292 Malicious code in @outmarket/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/17 7:9 p.m.8 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 2:10 a.m.21 views

Malicious code in @ci-lifecycle-test/postinstall-ping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/13 2:10 a.m.13 views

MAL-2026-5723 Malicious code in @ci-lifecycle-test/postinstall-ping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/12 8:35 p.m.25 views

MAL-2026-5712 Malicious code in jextic-eclib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/11 4:45 a.m.11 views

MAL-2026-5562 Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 2:53 a.m.18 views

MAL-2026-5556 Malicious code in janus-flow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d33c10c068a69d14d0333b93de7745caffd62013c57de6c55f20a6b53ffdcb1 On npm install, the package's postinstall hook node postinstall.js 2/dev/null || true silently runs a credential harvester against the installer...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/11 2:2 a.m.11 views

MAL-2026-5542 Malicious code in india-map-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1de9d093e23698e3ad3f0336a7619bd43049d1f62b822744733a48060b51a4a package.json declares a postinstall hook that runs curl -skL...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.16 views

Malicious code in getd-typescript-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:29 p.m.12 views

MAL-2026-5470 Malicious code in getd-typescript-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:6 p.m.15 views

Malicious code in @0xlr/supabase-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0feb7f8ea3069b0e830043fea195c088ea28709cc18a32676f389c61a15fc84c On npm install, the package's postinstall.js script enumerates all of process.env and collects host identifiers os.hostname, username, homedir, cwd,...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:0 a.m.19 views

Malicious code in @emcd-vue/b2b-pay-form (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling under the "EMCD Platform...

6.6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.19 views

Malicious code in @capibar.chat/ui-kit (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.17 views

Malicious code in @t-in-one/prefill_transformers_data_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
Rows per page
Query Builder