Malicious code in btd-smart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ad22b27351879a89349a1232ee5abb46bc589399ea710b9769526a8080b3199 The package presents itself as a clone of juliangruber/balanced-match stolen author identity 'Julian Gruber ', verbatim README, identical API renamed...

MAL-2026-4501 Malicious code in btd-smart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ad22b27351879a89349a1232ee5abb46bc589399ea710b9769526a8080b3199 The package presents itself as a clone of juliangruber/balanced-match stolen author identity 'Julian Gruber ', verbatim README, identical API renamed...

MAL-2026-4734 Malicious code in xorma-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd1e155ef0f73465f5fe6f401a4f90c521d5268eb65bb9bc594caa4a69732260 On require'xorma-js', a top-level IIFE in dist/index.js synchronously executes npm uninstall clsx-js && npm install clsx-js via childprocess.execSync...

MAL-2026-4729 Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

Malicious code in superacli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 defaulted via process.env.GOPASSUIURL...

MAL-2026-4674 Malicious code in superacli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 defaulted via process.env.GOPASSUIURL...

Malicious code in @citely/mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55faa6dd8d70be846b57b28ce2665a4a6bc1eafa6898f5f4f2cc8b25d96e1358 On startup of the documented entrypoint npx @citely/mcp-server, setupServer unconditionally invokes void runHarvest in dist/index.js. The harvester...

MAL-2026-4375 Malicious code in @citely/mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55faa6dd8d70be846b57b28ce2665a4a6bc1eafa6898f5f4f2cc8b25d96e1358 On startup of the documented entrypoint npx @citely/mcp-server, setupServer unconditionally invokes void runHarvest in dist/index.js. The harvester...

Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

Malicious code in @piewasm/pie-web-npm-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...

Malicious Package

Overview is-really-odd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-4170 Malicious code in psxjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e35a394cc807b2caa1d45bd9b925cc8be925b3c77c6166e5aaccce5c157c025 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in psxjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e35a394cc807b2caa1d45bd9b925cc8be925b3c77c6166e5aaccce5c157c025 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4167 Malicious code in chai-as-attracted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc726eb0d6a986c4aa12ce23076c18cffa97d0f840303cac65d06415b42e1f70 The package chai-as-attracted was found to contain malicious code. Source: ghsa-malware...

Malicious code in chai-as-attracted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc726eb0d6a986c4aa12ce23076c18cffa97d0f840303cac65d06415b42e1f70 The package chai-as-attracted was found to contain malicious code. Source: ghsa-malware...

Malicious code in chai-as-vec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...

MAL-2026-4168 Malicious code in chai-as-vec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...

Malicious Package

Overview chai-as-elevated is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @openclaw-cn/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85fb1bd455a85140d13ec5cb826c0f8c6164c87a6eeacd72f7fc525440b76f24 The package @openclaw-cn/libsignal was found to contain malicious code. Source: ghsa-malware...