234869 matches found
Malicious Package
Overview chai-as-approved is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-821 Malicious code in jwtdotenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc6df342437c7ecab65fac0d10d4f37deb16e983a008ae6d87ee4dd368b4c6 The package jwtdotenv was found to contain malicious code. Source: ghsa-malware 30cfddaf043abb6549e21d69c8b779ffe56c9db1013cd885c6ee955a14ec4aeb Any...
MAL-2026-820 Malicious code in json-web-sources (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b1334dba3ed3954154395d5993332e1deb8b238be09d0adcd260e3b35d98acc The package json-web-sources was found to contain malicious code. Source: ghsa-malware 7b5b7f3896b01dd45503daa7565b91666029b06751c908d7e41fa1ccd23ca3...
MAL-2026-819 Malicious code in json-mapping-sources (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77824e69a815d8ac27a50bb52fa0a39fe2c7e512e6597d3aefd500b0eae847e8 The package json-mapping-sources was found to contain malicious code. Source: ghsa-malware...
MAL-2026-822 Malicious code in react-svg-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @skyeng/libs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-806 Malicious code in web3-chain-sinon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d656a8031870a05e2b7fa8dec1f3f9b9b48c3d8de3d93df42c787c139b0693a5 The package web3-chain-sinon was found to contain malicious code. Source: ghsa-malware f522ddb6d36708e509e4e4074bed2658a3a1e4101d4a45bb588e08c611cc33...
MAL-2026-807 Malicious code in web3-sinon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6990443632c3224a5e897d1747fcd76f782eda8d020447076d59cf305b03c82 The package web3-sinon was found to contain malicious code. Source: ghsa-malware 7d195e4b1eda9212f69e313de4107deae82670a9615ec25b86c8aaaf3df0e1f9 Any...
MAL-2026-805 Malicious code in aligned-arrays (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bde941864059bf74245ed1ebf09a7be97e6a01881536ec8ad3913ddf1c1226f The package aligned-arrays was found to contain malicious code. Source: ghsa-malware 4bea95feabe1220983f2c46796cd72f198d1c4125771146d4a3a788f2fdb3b8a...
MAL-2026-802 Malicious code in @sbseg-plugin/qbo-web-app-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8f63d78f9aa713d6b2f068258ae34a81a6c8cfaa91890865506ce11475a44d5 The package @sbseg-plugin/qbo-web-app-ui was found to contain malicious code. Source: ghsa-malware...
MAL-2026-797 Malicious code in @rsgweb/modules-core-feedback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c68d1fafad6a94ebe843e20901dd8e5251d0b27b963d07e71ecefbd16c7465 The package @rsgweb/modules-core-feedback was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @rsgweb/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @rsgweb/modules-core-feedback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c68d1fafad6a94ebe843e20901dd8e5251d0b27b963d07e71ecefbd16c7465 The package @rsgweb/modules-core-feedback was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @rsgweb/rockstar-account is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-801 Malicious code in @rsgweb/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee9f14ff2b440c9d947019c65ffaa29df41116c3e35f18691cfcce733246790a The package @rsgweb/utils was found to contain malicious code. Source: ghsa-malware a9a98e6a12ac6be8573661e76ab7342baf0c83aae4d1907c482230dd5606dbc9...
MAL-2026-798 Malicious code in @rsgweb/modules-core-www-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23f1da0ba801a44eed5b3b909bc1630a6580ea6cd05677e6e0f4c1b2088d4e3b The package @rsgweb/modules-core-www-page was found to contain malicious code. Source: ghsa-malware...
MAL-2026-800 Malicious code in @rsgweb/tina (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fedfc10f9721045fdfa303f918c63315e6863b5acb7f3d86443a03333e1994b The package @rsgweb/tina was found to contain malicious code. Source: ghsa-malware 4636b5e7c22aa34f9aea154f9b4ca825a51ed64947c6a0c2eab7203e24967a89 A...
Malicious Package
Overview @meli-lint/eslint-config-base is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in @hashicorp-internal/vault-reporting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85e2c508de22734977cac24ec430b5cfece85e6367f577df76caa740b5594eb7 The package @hashicorp-internal/vault-reporting was found to contain malicious code. Source: ghsa-malware...
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index PyPI repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the tw...