5 matches found
Malicious code in @appupdate/cdn-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...
MAL-2026-6531 Malicious code in @appupdate/cdn-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...
MAL-2026-4468 Malicious code in @wengine-ai/claude-code-router-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...
MAL-2026-3770 Malicious code in prisma-callback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1 [email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall":...
npm react-native-keys 安全漏洞
npm react-native-keys is a mobile environment variable security library from US-based npm. A security vulnerability exists in npm react-native-keys version 0.7.11, which stems from encrypted passwords and Base64 blocks being stored in plaintext in compiled native binaries, potentially leading to...