136662 matches found
Malicious Package
Overview agoda-test-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2136 Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview yelp-react-component-photo-upload is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
MAL-2026-2417 Malicious code in oc-navbar-module-client (npm)
Malicious package due to code obfuscation, dynamic code execution, suspicious email, install script, and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0eedd88f7d05d96544d4fc778561471c0490c16f2fe2c6e8c70428af92e6ad The package...
MAL-2026-2223 Malicious code in cr-static-shared-components (npm)
Malicious package due to code obfuscation, dynamic module loading, suspicious email, and arbitrary code execution during installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fcc8531926534d3d87af7c173bfaba5f563bdbbc6ae8293de0150a0f00ba205 The package...
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload...
Malicious Package
Overview coinbase-desktop-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in internal-linking (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e86a043725ad201320fbd6c6531b1af050f1171216f4eeb0f15fee35f288f2d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in shakti-pwa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdac10e664bf4e0a73263401629caf12d2ed80e3cf76f36fa18a7c2d599e5229 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pulse-shop-section (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9973ec50205f8457c7d27feb3e60011e3fe79d4e0d1b7cbeaa30bc38e98e9d95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in milla-migration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9875dda486759645a2c370547b9a93d381a844099b8f0c4bc9f640bda56f1b00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview shakti-pwa is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-2102 Malicious code in storefront-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f98f783cc760be758abd241914b7bb745e69248c87c20f1b84d14a522676413a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pulse-feature-flag (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fad1549c9f60719931f740e56bfa68762b93275b97574f4d8d2c08aeedc71344 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2098 Malicious code in sd-basket-highlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sfx-event-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ed3495e868bcd1db85182332d575437978593cda12ceca6ab4acf1c4b28accf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2096 Malicious code in puzzle-asset (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa20758e3fc1eaf5b167758e00f73f4f8cead459061a4971f7358e8aa7f436b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @emilgroup/public-api-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd16e6bb382d147e1c65b35af9d28a9c8b96c40f440b3a45b14e160a77beb1ba The package @emilgroup/public-api-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2069 Malicious code in eslint-config-service-users (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4e2d9cbfd1dc174c6898b4375b8d4417da80c535833d43c5a4ae977252e9269 The package eslint-config-service-users was found to contain malicious code. Source: ghsa-malware...