Malicious code in @t-in-one/send_add_application (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

PT-2026-47388

Root has patched GHSA-8h8q-6873-q5fj in the @rootio/next package for Root:npm. Multiple fixed versions available...

MAL-2026-5045 Malicious code in @t-in-one/safe_local_storage_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

MAL-2026-5033 Malicious code in @t-in-one/add_app_middleware_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @qlab/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7872b498f71081087798b86ec67dd7fc33ab268d9b36de04b7d5d2b2698205 package.json declares scripts.preinstall: node index.js, causing index.js to run automatically during npm install. index.js collects os.hostname,...

MAL-2026-5027 Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

Malicious Package

Overview @service-user-notifications/setnotificationsnotremovable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between...

MAL-2026-4852 Malicious code in @service-suppliers/set_initial_loaded (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4854 Malicious code in @service-suppliers/set_suppliers_data (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0469f2493e0faa6db2b4dd70c85c58062f538457a60d4d4b77b44c861f665665 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4856 Malicious code in @service-suppliers/set_suppliers_loading_stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52d21512cf72b6b9822978fa95b217f0412f0d8ec55e5667addf4a486ad0965b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @polka-ui/reco (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 748e9209b5841d7276bc8325c476b21c3061fdc37dc9db0280f033ba9badc8c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/fetch_suppliers_country_list_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1019aabd4bb69e25840cb292802f34974e93eb6c61d783cd8e1bb054a33d182a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @service-suppliers/select-supplier-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview @loans/vehicles-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-4849 Malicious code in @service-suppliers/fetch_suppliers_country_list_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1019aabd4bb69e25840cb292802f34974e93eb6c61d783cd8e1bb054a33d182a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @cloudplatform-single-spa/anti-ddos (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/cloudia (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/dataplatform-cloudberry (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/iam (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/ml-ai-agents-evo-claw (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...