311892 matches found
Malicious code in ezymail (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea463f516048086ec4acfc2733edc9561dac749d19c2e47381fc170c451cd53c The package advertises itself as a Gmail/SMTP sender library. The README documents that callers pass their SMTP user and pass Gmail App Password to a...
MAL-2026-4557 Malicious code in ezymail (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea463f516048086ec4acfc2733edc9561dac749d19c2e47381fc170c451cd53c The package advertises itself as a Gmail/SMTP sender library. The README documents that callers pass their SMTP user and pass Gmail App Password to a...
Malicious code in @venturo/playwright (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e9a29f430bb3a664936cb27d7cc0dc6f3e8764ae0fae7e9fc8e001fcece43c8 @venturo/playwright impersonates Microsoft's @playwright/test: package.json sets author to 'Microsoft Corporation', homepage to...
Malicious code in foundy-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d117fe522ec0aee9271963b02fb9a61b7e5005b5494331368b58f46c05c944cd On npm install, the package's postinstall script runs an inline node -e that shells out to curl -fsSL against an ephemeral Pinggy free-tier tunnel ho...
MAL-2026-4242 Malicious code in foundy-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d117fe522ec0aee9271963b02fb9a61b7e5005b5494331368b58f46c05c944cd On npm install, the package's postinstall script runs an inline node -e that shells out to curl -fsSL against an ephemeral Pinggy free-tier tunnel ho...
MAL-2026-4659 Malicious code in rdflib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9a536a077e23bda8e10a55aa1177de28f4f5a8622e08914eeab437e8036940 package.json for this release declares two runtime dependencies — "package-lock.json": "^1.0.0" and "package.json": "^2.0.1" — inside the dependencie...
MAL-2026-4443 Malicious code in @shinzepelly/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...
MAL-2026-4452 Malicious code in @tailwind-core/webpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7955094460738dc65288f88a3bb990c7d3ff52ed3683f11265b7072bd80aa4e3 Package @tailwind-core/webpack impersonates the legitimate Tailwind v4 webpack loader @tailwindcss/webpack. The README copies Tailwind Labs branding ...
Malicious code in @solarcraft/observix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c39608a172a624520f309b572b40636dc51563f85fe89dac968712490dd40f The package advertises itself as a zero-dependency colorized logger similar to pino-pretty, but dist/index.js does require'./logger' purely for its...
MAL-2026-4571 Malicious code in get-deps-path (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...
Malicious code in truffle-config-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook package.json line 13 issues an HTTPS GET to...
MAL-2026-4249 Malicious code in truffle-config-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook package.json line 13 issues an HTTPS GET to...
MAL-2026-4532 Malicious code in code-tool-langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...
MAL-2026-4579 Malicious code in hpsetup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...
Malicious code in etherjs-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...
MAL-2026-4239 Malicious code in etherjs-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...
Malicious code in @mcpassure/mcp-cnes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7 dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...
Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
MAL-2026-4244 Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
Malicious code in chainlink-price-feed-aggregator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 557bc05b86e81155a6305c13693641f32ca21520bac827af82b2a785f4f669d4 Package name impersonates Chainlink branding while being published by an unrelated identity author 'Web3 Developer Tools ', repo github.com/web3/...