Malicious code in expeewas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcb3aafc860058ba4e9a64c6fa7dba85b7df72d68971ef7c673245e4ac02820f The package expeewas was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2441 Malicious code in expirs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86105842d926ee95e61ae8adf0d4506cbc55c9510189208ee33d511806f2c5ef The package expirs was found to contain malicious code. Source: ossf-package-analysis d82cf6807fa6c011a17d3f4e8bf8af1e3e935a3d79ab1420356fd87d3f2567d...

Malicious code in exszpe3szs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f15551a64777edf23687b4e056220380ac9501b76e432e33f9d93f5aecf2d3 The package exszpe3szs was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2435 Malicious code in 4xperss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6de1a8af1dbe21de2e06785a6a5e41a438f356fe440c8b121b808975ef95f5fe The package 4xperss was found to contain malicious code. Source: ossf-package-analysis d8cb27dbe58e29571ce6b777903222af9497b79676e8301021d03f159c5d77...

Malicious code in 4exepreds (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713fcab117c3d896c25c79498daded14d2b7d69baecb99c233703f421caaca26 The package 4exepreds was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2434 Malicious code in 4exepreds (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713fcab117c3d896c25c79498daded14d2b7d69baecb99c233703f421caaca26 The package 4exepreds was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in eixp4ressz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ba71706cf48badd366c9b3be4d6645698df1943a258c9f768f2b63c1b9ce7f The package eixp4ressz was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2436 Malicious code in eixp4ressz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ba71706cf48badd366c9b3be4d6645698df1943a258c9f768f2b63c1b9ce7f The package eixp4ressz was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in partner-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0b992863c06f797a9dddef6a493b0391094c9a2ae31fec47e961dd1afdf562 The package partner-tracker was found to contain malicious code. Source: ghsa-malware cfd28d767cd7e0db43c5c52d0b219663552acd6a5f60a34795736624c5cb612...

MAL-2026-2427 Malicious code in partner-tracker-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abcff950068cf454cf07ead8614f95dd6291f4204f72ada102c7b4c3d72c0cd1 The package partner-tracker-api was found to contain malicious code. Source: ghsa-malware...

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +33 more potentially affected by CVE-2026-34747 via payload (>=3.0.0-alpha.46 <=3.79.0)

payload NPM version =3.0.0-alpha.46, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 and more Source cves: CVE-2026-34747 Source advisory: SNYK:JS-PAYLOAD-15873855...

EUVD-2026-17958

An unauthenticated remote code execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

Replicator deserializes untrusted user input

An unauthenticated Remote Code Execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

Malicious code in raydium-bs58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 866a59b63d949dfe36c6082c9daa6fddcb18993724e9980c245a49ff59944fee The package raydium-bs58 was found to contain malicious code. Source: ghsa-malware b6ba968c5cb1e12fc81fc5ed1694c2221b6ac0299199508b80100927801f07f3 A...

Malicious code in base-or-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...

MAL-2026-2325 Malicious code in jonas-prettier-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f4e8e2d6e083733be2f7a98647f2a7267b3be203837f3081b4884ef3b926a0 The package jonas-prettier-logger was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2321 Malicious code in base58-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3507af35455908a5b982b470adae215c0ee155a68cbe2a6a59a1f3b6bd98f342 The package base58-engine was found to contain malicious code. Source: ghsa-malware 9f811caacac31851267205cb855bc06a1a39a198f98d9510f12e27dfba097f83...

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence AI coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement...

Axios NPM Distribution Compromised in Supply Chain Attack

A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows...

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to...