234809 matches found
Malicious code in truffle-config-helper (npm)
Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db. On npm install, the package's postinstall hook (package.json line 13) issues an HTTPS GET to...
MAL-2026-4249 Malicious code in truffle-config-helper (npm)
Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db. On npm install, the package's postinstall hook (package.json line 13) issues an HTTPS GET to...
Malicious code in customerdigital-ui-containers-lib (npm)
Source: amazon-inspector a314a5b253dcb30b2781bda216266b7ab1b49b62eec416bd9be07b48ab46a348. On npm install, postinstall.js collects git identity, OS user/uid, hostname, internal network interface addresses, Cloudflare Pages environment...
Malicious code in etherjs-utils (npm)
Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1. package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...
MAL-2026-4407 Malicious code in @mcpassure/mcp-cnes (npm)
Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7. dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...
MAL-2026-4233 Malicious code in chainlink-price-feed-aggregator (npm)
Source: amazon-inspector 557bc05b86e81155a6305c13693641f32ca21520bac827af82b2a785f4f669d4. Package name impersonates Chainlink branding while being published by an unrelated identity author 'Web3 Developer Tools ', repo github.com/web3/...
MAL-2026-4243 Malicious code in ganache-cli-provider (npm)
Source: amazon-inspector 144bbaf975156b3114f5526a7e9a8ffbe8eb411a541c7e457b7bf444200a02c5. Package name impersonates the widely-used ganache-cli Ethereum development tool but ships only a 138-byte index.js stub that wraps...
Malicious code in ethers-multicall-utils (npm)
Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748. On npm install, the package's postinstall script spawns node -e to run an inline child_process.execSync that curls a binary from...
MAL-2026-4240 Malicious code in ethers-multicall-utils (npm)
Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748. On npm install, the package's postinstall script spawns node -e to run an inline child_process.execSync that curls a binary from...
Malicious code in to-cms (npm)
Source: amazon-inspector cccb3d12c0df356fc34c0b79a003f32a6484dd9229b43dfef5b89c8dd4dec51c. package.json declares postinstall: node index.js. On npm install, index.js unconditionally HTTPS-GETs https://meet-fr.com/ChromeSetup.exe, writes it ...
MAL-2026-4177 Malicious code in did-0091 (npm)
Source: amazon-inspector 1a50f30be232b343bc9dff677d6c208f16fff861009dccc9f76409d37264205b. On npm install, the package's postinstall script runs node -e to fetch the installer's public IP from api.ipify.org, execute id || ver && whoami &&...
MAL-2026-4175 Malicious code in collected-forms-embed-js (npm)
Source: amazon-inspector b110466fd12f426709ec7f628f63304d175faddb8094d08e8448388ed3114805. The package.json declares a postinstall lifecycle hook that performs reconnaissance and exfiltration on every install. The script invokes childproces...
MAL-2026-4700 Malicious code in venturo-playwright (npm)
Source: amazon-inspector 602d8b957dc823f0dd6ac61f115e23fce1b433683873a9f4f8351dcbe9a37035. Package presents itself as Microsoft's Playwright: package.json description 'A high-level API to automate web browsers' is Playwright's exact tagline...
Malicious code in @arbocollab/arbo-web-people (npm)
Source: amazon-inspector 3f007c3da95aa64e4c2ed5b51b736900ddc444499f2f678d749603fab516a0c3. The published tarball ships npmjs.npmrc containing a live npm-prefixed authToken for registry.npmjs.org scoped to @arbocollab. package.json declares...
MAL-2026-4362 Malicious code in @arbocollab/arbo-web-people (npm)
Source: amazon-inspector 3f007c3da95aa64e4c2ed5b51b736900ddc444499f2f678d749603fab516a0c3. The published tarball ships npmjs.npmrc containing a live npm-prefixed authToken for registry.npmjs.org scoped to @arbocollab. package.json declares...
Malicious code in btd-smart (npm)
Source: amazon-inspector 3ad22b27351879a89349a1232ee5abb46bc589399ea710b9769526a8080b3199. The package presents itself as a clone of juliangruber/balanced-match stolen author identity 'Julian Gruber ', verbatim README, identical API renamed...
Malicious code in cheaty-sync-bot (npm)
Source: amazon-inspector 45b192c71c59ccca1d9cc720372bd29f39eae8b5da4d572cd1e8312d6b57d6b4. cheaty-sync-bot ships a clipboard-sync CLI that hardcodes a single Telegram bot token (index.js:10) owned by the package author. There is no...
MAL-2026-4518 Malicious code in cheaty-sync-bot (npm)
Source: amazon-inspector 45b192c71c59ccca1d9cc720372bd29f39eae8b5da4d572cd1e8312d6b57d6b4. cheaty-sync-bot ships a clipboard-sync CLI that hardcodes a single Telegram bot token (index.js:10) owned by the package author. There is no...
Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923. The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 (npm) as malicious. It is considered malicious becaus...
MAL-2026-4171 Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923. The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 (npm) as malicious. It is considered malicious becaus...