Malicious code in one-sdui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ae9d1e61120df70064f163b6e30ced15f3ec724fb27cbc92b9ac1b8d1cd4c02 The package one-sdui was found to contain malicious code. Source: ghsa-malware 3e8ccc46dbdf8114e190c849d6db29184468de377c64467c88e3e33398d54018 Any...

Malicious code in one-translations (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8509aaa4a1769ce406c0bf7883ec6930bbd4aedbbeeb82df3ae719ab279ff238 The package one-translations was found to contain malicious code. Source: ghsa-malware 6d3a1486ad2ba464c9c1c678dfbab6c735eccaf31f2a1d3cba6e3f28a3fad5...

Malicious Package

Overview markdownlint-rule-link-pattern is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

Malicious Package

Overview seaport-core-16 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2634 Malicious code in percy-cake-docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf9ba1c1f0935698da1dc2d1856efe1994c5b21139eec04f6eca712e85925f2 The package percy-cake-docker was found to contain malicious code. Source: ghsa-malware...

Malicious code in centralogger (npm)

dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...

Malicious code in magentaa11y (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 995b52a2411e3213a611e58f659a941136e8021a88e1d638a232018265d5c11a The package magentaa11y was found to contain malicious code. Source: ghsa-malware 1c1c14e542b99ac8e01a06fd61158c90ffe14fbedbf4834d97f38d65d477ebb5 An...

MAL-2026-2632 Malicious code in magentaa11y (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 995b52a2411e3213a611e58f659a941136e8021a88e1d638a232018265d5c11a The package magentaa11y was found to contain malicious code. Source: ghsa-malware 1c1c14e542b99ac8e01a06fd61158c90ffe14fbedbf4834d97f38d65d477ebb5 An...

Malicious Package

Overview paysafe-card-payments is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @spreadjs/js-calc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7909a65c6a2c928f12a2333a6e1c53c7dea90685fe7b2be35f120654a6f86d7 The package @spreadjs/js-calc was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @sap-px/pxapi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @relxui/react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b91a4fd21ef12fb1580ab9240c8b51f39c0ba26d19b683ebcac2d86ed7936e78 The package @relxui/react was found to contain malicious code. Source: ghsa-malware 1a95206a60abfe74a108e76e52361543b36e7d78ff34a1273b5cf4c1bb183d1f...

Malicious Package

Overview @spreadjs/js-calc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @relxui/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview gp-auth-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview @ascend-ops/web-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Malicious code in @bokehjs/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c6f4339e19ee914380a69c5c69b600db7df1412b41db50a539eb87db984f68c The package @bokehjs/core was found to contain malicious code. Source: ghsa-malware 6e18981ac8adec7cb489a1be8841f5f6862c8f1298c570346d5210c99dd275fe...

Malicious code in stats-api-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...

Malicious code in twilio-video.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e3803147d3c0bc502c876bc9a0c17ab6abb0f35cef279419245d46843a57ee The package twilio-video.js was found to contain malicious code. Source: ghsa-malware cc5348f21258b1a1e011513da698c5544555a2b78063b41540c04c9b0b0bc58...

MAL-2026-2600 Malicious code in cms-site-api-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c005e0d9ed50229f543036c5c8bd9dd61a1ad0b5373efab2aa9fdba45084f9 The package cms-site-api-js-client was found to contain malicious code. Source: ghsa-malware...