965 matches found
Malicious Package
Overview sensivity is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in swagger-express-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...
MAL-2026-5509 Malicious code in npmjs_truffle-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25fbc74fbe261cc7bba8c1f9005f7b7573aff1240a5ac8bbf831a3ce8a7c23e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5124 Malicious code in @chat-template/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in raven-i18n-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16965d1a02185ab8a7880951f6889127e66f0c1b3ffc718023ce2ac3593bffc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @polka-ui/loads (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1c2dc697d40151aa0c28a6e1bc5fd467a78649ea136e58a874a8269fec093ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4232 Malicious code in build-integrity-verify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a4941223186440162de6c5ce0a5a5797589d69e6957473761b04818b8b9b5e7 The package contains no functionality of its own. Its postinstall lifecycle hook runs npx env-security-scanner@latest auditenvironment via...
MAL-2026-4184 Malicious code in stripe-internal-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...
MAL-2026-4173 Malicious code in is-really-odd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f205432fff885dce7a6dee0e8d1267c65944d3e486abd566683caeaad833692 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @antv/g6-editor (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/graphin-graphscope (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4152 Malicious code in ribbon.js (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in viem-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe6492eec3b776a8654ae561b2f6d53c1a02ab00186b7dc5c8c72fb613c4e901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/ui-widgets-multi-file-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11925b121ae53cf0e735a083521dcd0dbea2b475fedf3ff4e66e4cfac9d7bbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3545 Malicious code in @uipath/flow-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8016b3433ca7e37f6e4ac3a263a05fd7ba16ce1f652615018abffe280623d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3445 Malicious code in @squawk/geo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b40cdbd9c6b1d4f4cfb2769aa09dc2a6c1375426de1eaa166de681740f556cd4 The package @squawk/geo was found to contain malicious code. Source: ghsa-malware ff0e460885b141aab0b22a38b446936439b76287160c78aaad30d7ad4ab22ed9 An...
MAL-2026-3444 Malicious code in @squawk/flightplan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e10ea8e442eceb45822eebfabfb86917c9a166af2490c6e670da321110d04d47 The package @squawk/flightplan was found to contain malicious code. Source: ghsa-malware...
Malicious code in @tanstack/router-devtools-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pocpoc2626 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a43e5357592b2bbbe0c68be3960ac829ab988a15b57d63df5ab954c9d0b5b09 The package pocpoc2626 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in apexpro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f8783908329ceda250d21f3d9d39a117f80f8ca55c400c72065449d2a0bc1c The package apexpro was found to contain malicious code. Source: ghsa-malware fb2932c368cbb684114a08865c171d8af11aa8af3738e7d156f5692beccd48d5 Any...