MAL-2025-191178 Malicious code in @actbase/native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 328d7b0db77bbbc8012f6aee1eec6c2c15d1fec187573be00958308bceaf3b13 The package @actbase/native was found to contain malicious code. Source: ghsa-malware eb78c3f4eb3df2581ae53c6b6c46aa1d14c7a6027fa4f248b1e2b15763763ed...

@actbase/react-native-tiktok contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

@actbase/react-native-actionsheet contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

@actbase/react-native-fast-image contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

@actbase/react-native-kakao-channel contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

EUVD-2025-199104

Malicious code in react-native-jam-icons npm...

Malicious code in react-native-jam-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4651dd576f405b8b0d0fd7724638dce527ed7cec18cdfc20e4b49f5cc3f9006d The package react-native-jam-icons was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191144 Malicious code in react-native-jam-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4651dd576f405b8b0d0fd7724638dce527ed7cec18cdfc20e4b49f5cc3f9006d The package react-native-jam-icons was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-datepicker-modal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86014f2b55c2d58c217fd51ebbffc71cbc86fad9b13d443647f1cb11c19c7ade The package react-native-datepicker-modal was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199048

Malicious code in react-native-datepicker-modal npm...

Malicious code in react-native-email (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 685a2ceb0fc4b3de8462a07c55626285d47bbb72612a7feac2582a7dbfc2a606 The package react-native-email was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199047

Malicious code in react-native-email npm...

MAL-2025-190996 Malicious code in react-native-email (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 685a2ceb0fc4b3de8462a07c55626285d47bbb72612a7feac2582a7dbfc2a606 The package react-native-email was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b96159f9c8f74a56ea1f03322401befd0e090840e21dff7d1cc37db649e8cd58 The package react-native-fetch was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199046

Malicious code in react-native-fetch npm...

MAL-2025-190997 Malicious code in react-native-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b96159f9c8f74a56ea1f03322401befd0e090840e21dff7d1cc37db649e8cd58 The package react-native-fetch was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-get-pixel-dimensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3570e34574e0faad44ff9473f62241285d926a86915d14b3593b9c3105520fc The package react-native-get-pixel-dimensions was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199045

Malicious code in react-native-get-pixel-dimensions npm...

MAL-2025-190998 Malicious code in react-native-get-pixel-dimensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3570e34574e0faad44ff9473f62241285d926a86915d14b3593b9c3105520fc The package react-native-get-pixel-dimensions was found to contain malicious code. Source: ghsa-malware...