2 matches found
MAL-2026-4366 Malicious code in @autoheal/setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...
MAL-2026-4647 Malicious code in prjct-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9 On npm install, scripts/postinstall.js invokes scripts/ensure-bun.sh, which runs curl -fsSL https://bun.sh/install | bash with no version pin and no...