136628 matches found
Malicious Package
Overview @spreadjs/js-calc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @relxui/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview gp-auth-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview @ascend-ops/web-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in @bokehjs/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c6f4339e19ee914380a69c5c69b600db7df1412b41db50a539eb87db984f68c The package @bokehjs/core was found to contain malicious code. Source: ghsa-malware 6e18981ac8adec7cb489a1be8841f5f6862c8f1298c570346d5210c99dd275fe...
Malicious code in stats-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in twilio-video.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e3803147d3c0bc502c876bc9a0c17ab6abb0f35cef279419245d46843a57ee The package twilio-video.js was found to contain malicious code. Source: ghsa-malware cc5348f21258b1a1e011513da698c5544555a2b78063b41540c04c9b0b0bc58...
MAL-2026-2600 Malicious code in cms-site-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c005e0d9ed50229f543036c5c8bd9dd61a1ad0b5373efab2aa9fdba45084f9 The package cms-site-api-js-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in dwaiter-company-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602a450ab8f9d48b5e7ca03f6e4cf89803a6f1a0e6e35d453c92e59143096577 The package dwaiter-company-web was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2605 Malicious code in kaltura-ngx-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33934fb6026f53c4e012992591edb1038036a17c485afca8e8fb3e40083a44ce The package kaltura-ngx-client was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview symphony-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @b2b-portal/kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa5c1b32159c7e6dc9c07e663c7f8cf3b3ee24450a33289a1a79589c69906eed The package @b2b-portal/kit was found to contain malicious code. Source: ghsa-malware 20de22d7080860e2c01f3de58d2809af28e543302e49545749666efd4956c23...
Malicious Package
Overview @b2b-portal/kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2620 Malicious code in upstartportal (npm)
Collects system info, reads sensitive files, and exfiltrates data to a suspicious host. Multiple YARA matches confirm malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932dee0dcf84fc1044efb1ec35950d6102fcbb5122f26cca5e2b1f13eb599729 The package...
Malicious code in upstartportal (npm)
Collects system info, reads sensitive files, and exfiltrates data to a suspicious host. Multiple YARA matches confirm malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932dee0dcf84fc1044efb1ec35950d6102fcbb5122f26cca5e2b1f13eb599729 The package...
Malicious code in upstartloans (npm)
Collects and exfiltrates sensitive data credentials, keys, history to p1s.uk with disabled SSL validation. Suspicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a1d5c610e0cc5ec6be53b8d0d986d5ddef30937d04c977998db4c2d4b0be908 The package...
MAL-2026-2611 Malicious code in upstart-lending-status (npm)
Package is malware. It steals credentials, collects system info, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 627a2802a53ad7eb751fcac4b0a43245c6b0bf9e667db77051758b24d8bc4d96 The package...
MAL-2026-2564 Malicious code in gp-auth-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a24cae80696867d7d7b835ee70e1ef1e85373092f31cd93e2a35508ae3d2afb3 The package gp-auth-lib was found to contain malicious code. Source: ghsa-malware 73c001ebe2675cd78ef852bc2e78ff6fb837fd64b9b490dbea61c4ff1ca6d146 An...
Malicious code in ts-schema-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa35c0f1b632f24027499340dfbe35df1f1d57bed2a5ad8327d688a7b23507a3 The package ts-schema-helpers was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2876 Malicious code in unisys-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0369680ea400c89b8ab01dfc75f7a7df45c8a26bfc5631a636770ccf32c9ed The package unisys-common was found to contain malicious code. Source: ossf-package-analysis...