MAL-2026-4186 Malicious code in @doctolib-apps/native-personalized-services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac2da4b8de2ea081f8fe7b84ef6182ab363616dc0515aaa03368bcba4a4b8e76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4192 Malicious code in iv-stubborn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b8934157781e3457974f0609c54f14503424c9077b316f2e8e843e454989922 On npm install, both preinstall and postinstall lifecycle hooks execute index.js, which collects the installer's hostname, all non-internal network...

Malicious code in @limebike/frontend-core-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...

MAL-2026-4187 Malicious code in @limebike/frontend-core-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...

Malicious code in @budetzz/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...

Malicious code in @limebike/supreme-data-grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 018193d4f68c2fcaad63da76c3c125ed94d5a6da1efaab85147ff59efafa0b46 @limebike/supreme-data-grid occupies the @limebike npm scope private-looking namespace with placeholder metadata and a README stating 'Claimed by...

MAL-2026-4189 Malicious code in @limebike/supreme-data-grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 018193d4f68c2fcaad63da76c3c125ed94d5a6da1efaab85147ff59efafa0b46 @limebike/supreme-data-grid occupies the @limebike npm scope private-looking namespace with placeholder metadata and a README stating 'Claimed by...

Malicious code in banana-stand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab14273a518e66f357d229806e82cb2f4ce211cae4bc5de0f2d15eeab67fb720 On npm install, the package's install lifecycle hook runs node index.js, which loads lib/core.js. That module reads os.userInfo.username, os.hostname...

MAL-2026-4190 Malicious code in @limebike/supreme-date-pickers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...

MAL-2026-4431 Malicious code in @scp3500/openvl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee1ab6796d8af462e9f00e82a28545b72eae4d9d9f0ab0f36ca4b09cd29487c scripts/mcpserver.js loads childprocess, fs, and http, reads from process.env, and issues HTTP POST requests to a hardcoded external destination at...

Malicious code in @scp3500/openvl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee1ab6796d8af462e9f00e82a28545b72eae4d9d9f0ab0f36ca4b09cd29487c scripts/mcpserver.js loads childprocess, fs, and http, reads from process.env, and issues HTTP POST requests to a hardcoded external destination at...

Malicious code in @limebike/supreme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...

MAL-2026-4188 Malicious code in @limebike/supreme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...

Malicious code in wallet-backup-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3537e19be49ba9b1222856a7df147f5751a129e0b9eac69158467e21c0a1755a Package presents itself as a 'Community Security Alliance' MCP server for verifying cryptocurrency wallet backups, but performs three concrete...

MAL-2026-4250 Malicious code in wallet-backup-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3537e19be49ba9b1222856a7df147f5751a129e0b9eac69158467e21c0a1755a Package presents itself as a 'Community Security Alliance' MCP server for verifying cryptocurrency wallet backups, but performs three concrete...

Malicious code in encrata-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e98813f52fa8e9fc3c04bffd023445dbfed4a9b405d1e3f85511673f5e86dce7 package.json declares "postinstall": "node install.js", which runs at install time. install.js requires both childprocess and https, branches on...

Malicious code in naileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53307e8df479525765ddef8cf9a54dcf0aa368b8ef57a088b624a5e80f72c999 naileys is a fork/lookalike of the WhatsApp library baileys single-character edit; internal references still mention 'wileys', and...

MAL-2026-4619 Malicious code in naileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53307e8df479525765ddef8cf9a54dcf0aa368b8ef57a088b624a5e80f72c999 naileys is a fork/lookalike of the WhatsApp library baileys single-character edit; internal references still mention 'wileys', and...

MAL-2026-4194 Malicious code in libhmac (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccbd481dd2bd04274c5045995a08ddbcf302780c24f39eb63821d5d63a998d1 The PyPI name 'libhmac' matches the well-known libyal/libhmac C forensics library HMAC primitive, but the package contents have nothing to do with HM...

MAL-2026-4498 Malicious code in bitrix24-tasks-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bab6892c4cbccd8f2a92bfc67413a5c5c300a691b104e064f126805e66a3842f build/bitrix24/client.js line 6-7 declares const BITRIX24WEBHOOKURL = process.env.BITRIX24WEBHOOKURL ||...