Malicious code in undicy-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e5df89180b140f5106db0b74f5ee04330236214094173880f7baf0fd47088a8 The package undicy-lint was found to contain malicious code. Source: ghsa-malware 2713794393ff885438b3aa1cc6dc97cff34cd42825c28e917bf8ec24ee704ff7 An...

Malicious code in promanage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34866a6d91e495c7692a123d4f1b31f1a98cf793744c4649f92eccf97d43ee9b The package promanage was found to contain malicious code. Source: ghsa-malware 55e3f919d2876892f9e686ad04eb2e38c1f5fdb1e3d93f39fc306563d9a4fa18 Any...

MAL-2026-1038 Malicious code in promanage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34866a6d91e495c7692a123d4f1b31f1a98cf793744c4649f92eccf97d43ee9b The package promanage was found to contain malicious code. Source: ghsa-malware 55e3f919d2876892f9e686ad04eb2e38c1f5fdb1e3d93f39fc306563d9a4fa18 Any...

Malicious code in uuindex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a373d8c2c653d1b6effee8ff65bba442fcf08d7eea88ec95707680697385646 The package uuindex was found to contain malicious code. Source: ghsa-malware 47c06a7b235c91fbc08cc942c69f1e05ecdb8093c9658bd5ade2b8866cc33f4c Any...

MAL-2026-1034 Malicious code in chai-lite-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07f2fa37570e8cdb391a3cddfb304c274e9726e3803b150b309816e971577bec The package chai-lite-lib was found to contain malicious code. Source: ghsa-malware c9a6f02ff3187727ac481d692d98a5614c02e6ca28616d6a9d48e7505e63656e...

Malicious code in react-svg-helper-fast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39fb02f7b438a7ec942c0fa38a79d9d1c8014a7747696a55445376fce8f8d721 The package react-svg-helper-fast was found to contain malicious code. Source: ghsa-malware...

Malicious code in sample-custom-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ade5f035c4d3f9fe74cfc0626c8ac011eeea6e88040376a03abee9cdf05290b7 The package sample-custom-component was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1232 Malicious code in @schedaero/yukon (npm)

Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...

MAL-2026-1228 Malicious code in @schedaero/bacon (npm)

Multiple suspicious behaviors: preinstall script exfiltrates data to a suspicious URL, terminates process, and few versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1f79d2ea06bc3905829524120560412e8e875463b5bddeb6bad3a343292c20c The package...

MAL-2026-1234 Malicious code in uxproject11 (npm)

Collects and exfiltrates sensitive system information to suspicious domains. Multiple YARA rules are triggered. High entropy file. Extension mismatch. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b478ab519bbd87949cad8be7d77296e0eddd01aa0be1b4b168ed2f6a0f7413...

Malicious code in projectrtert (npm)

Package collects and exfiltrates sensitive system data to Oastify URLs. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b127b8509d4b1ad251567a872811e8a8f4441791c7edadb916c6214be26768 The package projectrtert was found to contain malicious code. Source:...

MAL-2026-1231 Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

Malicious code in react-devtools-raycast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 389c48f69049121e3e54751b68803d75bb5d571de2c8caf9c5e5d21f970612f0 The package react-devtools-raycast was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-1042 Malicious code in trae-browser-inspect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fbd2b8603f95aa744b92e1f624c31c4afc4dcb7ef634096a331302462b45e1f The package trae-browser-inspect was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in rncalendareventsexample (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8233da991559fe765a6e65e5430209a2a69487e32efea7fb5bc27d9a5f37efba The package rncalendareventsexample was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @protonme/routing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e618f44597f1625955e5cafd982eed4bc5eea13d53fb57c344daf811fdb6924 The package @protonme/routing was found to contain malicious code. Source: ghsa-malware...

Malicious code in @unitedcapitalfinancialadvisors/finlife-component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158b79753c39be97f6436dd06b4ef12321c0419a81070690604105af362334d3 The package @unitedcapitalfinancialadvisors/finlife-component-library was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @protonme/routing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-1025 Malicious code in @unitedcapitalfinancialadvisors/finlife-component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158b79753c39be97f6436dd06b4ef12321c0419a81070690604105af362334d3 The package @unitedcapitalfinancialadvisors/finlife-component-library was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1022 Malicious code in @coinmetro/app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8710d0b7801eb38be3efb787ab05f7dde1bf3d8e16e645c2b587fc6af19a60b1 The package @coinmetro/app was found to contain malicious code. Source: ghsa-malware 298d5aea9a95bac11ef6a844456d1e9144166fa3eb0885775e41a79b1c8319b6...