Malicious code in ts-lint-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4411e0cabacba0eb0996243c3198a26f74deb52ec249ba39f1b8019fea10136 The package ts-lint-builder was found to contain malicious code. Source: ghsa-malware 0514225155e8ef3ef5350ff238e097dd627e4dd2639974c7cab656ad65d3f6b...
MAL-2026-1343 Malicious code in chai-as-flex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...
MAL-2026-1333 Malicious code in polygon-gamma-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe3f588073fea9d33a70fcdffbe2466af2886a8bf5227c8e3256235aca46899 The package polygon-gamma-api was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1337 Malicious code in typescript-urql (npm)
The package 'typescript-urql' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1329 Malicious code in google-camelcase (npm)
The package 'google-camelcase' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in filter-imports (npm)
The package 'filter-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1330 Malicious code in import-zod (npm)
The package 'import-zod' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.artifactsnpm.com...
MAL-2026-1331 Malicious code in llm-oracle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98fdc3b2f8d6e1b4bb0e26b6f7f12227b5759900fb7c859b6b13093b1a159bf9 The package llm-oracle was found to contain malicious code. Source: ghsa-malware 94a20da2ad0a043d47545889257036cffa168646e3083c39007db16c692dc419 Any...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31840 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31840 Source advisory: OSV:GHSA-QPR4-JRJ4-6F27...
GHSA-QFFP-2RHF-9H96 vulnerabilities
Vulnerabilities for packages: pulumi, npm, opensearch-dashboards, saf, tileserver-gl, prism, node-gyp, renovate, lerna, sqlpad...
CVE-2026-29786 vulnerabilities
Vulnerabilities for packages: pulumi, npm, opensearch-dashboards, saf, tileserver-gl, prism, node-gyp, renovate, lerna, sqlpad...
CVE-2026-29786 vulnerabilities
Vulnerabilities for packages: npm, opensearch-dashboards, renovate, tileserver-gl, tileserver-gl-fips, graalvm, sqlpad, redisinsight, wazuh-dashboard, prism, lerna, pulumi, kibana, saf, actions-runner, node-gyp, opensearch-dashboards-fips, wazuh-dashboard-fips...
GHSA-QFFP-2RHF-9H96 vulnerabilities
Vulnerabilities for packages: npm, opensearch-dashboards, renovate, tileserver-gl, tileserver-gl-fips, graalvm, sqlpad, redisinsight, wazuh-dashboard, prism, lerna, pulumi, kibana, saf, actions-runner, node-gyp, opensearch-dashboards-fips, wazuh-dashboard-fips...
Malicious Package
Overview rtxbbtyols is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in rtxnode-sass22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36a78ba8212bc3ab76a0cd01b40b2a3c0b18f319ccb29c6ccea455e9a89449a8 The package rtxnode-sass22 was found to contain malicious code. Source: ghsa-malware f55edfe6ea35e734acb3592f0b13348ef997c46497c2975855d609ee45912671...
Malicious Package
Overview @openclaw-ai/openclawai is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2026-1320 Malicious code in chain-promised-await (npm)
Remote code execution via fetching code from a remote URL and Discord webhook usage indicates malicious intent. Single version adds to suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b882a33fdd394ef7a848100d8ee39ef4c7f0747942b4bea86e38af5780c978 The...
Malicious code in iron-menu-behavior (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c995f11c44e1f5cd41f7a3c63d4070a2d738168a7fcc5a61f8f9e8ddbd6f00c The package iron-menu-behavior was found to contain malicious code. Source: ghsa-malware...
Malicious code in @platform-growth/guidance-channel-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851a1eb428b30069bd6ba251018b1547db4c6066228663539c2b80b07ba0061e The package @platform-growth/guidance-channel-provider was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview collab-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...