Malicious code in @doaction/pay (npm)
Source: amazon-inspector 94ec95e460ba16497749775ca5e0bac92e4013e2297dd506bb2b99254acffaf3 @doaction/pay 9.9.9 declares "preinstall": "node scripts/postinstall.js" in package.json, which requires @doaction/shared/bin/postinstall.js and runs...
Malicious code in @redhat-cloud-services/rbac-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-4310 Malicious code in explorhub-ai-agent (npm)
Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4240 Malicious code in ethers-multicall-utils (npm)
Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748 On npm install, the package's postinstall script spawns node -e to run an inline child_process.execSync that curls a binary from...
Malicious code in @uipath/aops-policy-tool (npm)
Source: ghsa-malware e3ffa653b190d1fd6f355664623366bda5832396e46eb577a6da7e729d642ca5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3434 Malicious code in @opensearch-project/opensearch (npm)
Source: amazon-inspector 1668370f4091d14b4e74ad0e9b25c70ccbc5bf7fb7d97f535212ce2289e71347 The package @opensearch-project/opensearch was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3494 Malicious code in @tanstack/virtual-file-routes (npm)
Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vime-azl (npm)
Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
MAL-2026-2961 Malicious code in apple-internal-security-poc-frank (npm)
Source: amazon-inspector 10f171ab8af350f288bde3dca0a4c5741b840ed376b0022602322fd7b8b6341f The package apple-internal-security-poc-frank was found to contain malicious code. Source: ghsa-malware...
Malicious code in mdb-react-sortable (npm)
Source: amazon-inspector 221ae0ca7ee784d6ab2d9bb463b65dc3d998114b51b3dd7a4f3585ef2b1ed11a The package mdb-react-sortable was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2217 Malicious code in @rexorg/config (npm)
Source: amazon-inspector 4a10d1a86c535852318ad135eca1236f436ad942657df6107d1e1e8a117faf42 The package @rexorg/config was found to contain malicious code. Source: ghsa-malware d3c7f7c6129d24b5a4ee9f95be492524854c16742b8b538f33972fea399c64f5...
Malicious code in transitive_lib (npm)
Source: amazon-inspector 8d7101b480572afd554e3cd28c310430828008015d4aed72012701cf6dd8d6c2 The package transitive_lib was found to contain malicious code. Source: ghsa-malware 04d00d39fd7e8aaed1fa694a109cc857c0445a0192b768e39efae8b0e8bdc42c...
Malicious code in @emilgroup/api-documentation (npm)
Source: amazon-inspector 58c245a310d05383d1fdf2e98691e5ea42d0505bdab8e27120537609d6bb4acd The package @emilgroup/api-documentation was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2065 Malicious code in @opengov/ppf-eslint-config (npm)
Source: amazon-inspector f9589ba5a93df27f74e2153118cf450e51df3df58d8c7abd8e4043cf28c0d8bf The package @opengov/ppf-eslint-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in rollup-plugin-polyfill-build (npm)
Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...
Malicious code in aesdecryptor (npm)
Source: amazon-inspector 2ac66c3676fdc79338dd38b32cacdd68d6f86e097c163eb1e8e4bd556de82c69 The package aesdecryptor was found to contain malicious code. Source: ghsa-malware 67de86e4e1b93130bb4f76480f236f202b1f257067eaf1ca02d3c565c2fc8edb A...
Malicious code in vue-scoped-css (npm)
The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
Malicious code in transform-undefined-to-void (npm)
The package 'transform-undefined-to-void' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...