Malicious code in tensorzero-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b66b5b70cb431f4427417df356e75438bfa64c106e3c1762f27c257246e445 The package tensorzero-node was found to contain malicious code. Source: ghsa-malware d152b28b710406f0a3eede30abb61ae9698eca9fc72a46a2b6b59eaf23876dc...

MAL-2026-2681 Malicious code in @athena-ui-components/dashboard-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2827 Malicious code in js-logger-pack (npm)

js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...

MAL-2026-2677 Malicious code in pdf-linker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...

MAL-2026-2679 Malicious code in snitz-chief-cloud-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24a91d88d68aae1e6311a7d533b3efc0618206a56025c6a96c1f1024b3ccf9df The package snitz-chief-cloud-config was found to contain malicious code. Source: ghsa-malware...

Malicious code in snitz-chief-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc306ec8452bc2fd831e57407e5c99169c8e2813debf726f99604d8c6e459a4 The package snitz-chief-cloud was found to contain malicious code. Source: ghsa-malware...

Malicious code in snitz-chief-cloud-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24a91d88d68aae1e6311a7d533b3efc0618206a56025c6a96c1f1024b3ccf9df The package snitz-chief-cloud-config was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2676 Malicious code in moscova-plural-json-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a51fa685cb52dec458580533d514310ee1449c22a04bf82f6f1fc1e9e7b9db5 The package moscova-plural-json-parser was found to contain malicious code. Source: ghsa-malware...

CVE-2026-30625

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

Malicious code in pnpm-workspaces (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19d252b93a40f90995892530ecd34dc35e9ec7e5b741cb02416fd3dde3e082d8 The package pnpm-workspaces was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2663 Malicious code in tether-wrk-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e816f71a9a4581a5adacb19f57871ba8a9118bb980fbcb97c74d6b601a7e517f The package tether-wrk-base was found to contain malicious code. Source: ghsa-malware dd91537dad139a68aee6f4c63c4f9afb6bd315f2d76ee0e8e998dde7a421ef4...

MAL-2026-2662 Malicious code in @automation-toolchain/f5-cloud-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfc189949f1db0cdc70361f74210d6fe3f92c3e69ddad9491d9c7615465f9c6 The package @automation-toolchain/f5-cloud-libs was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2881 Malicious code in bjs-lint-builders (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ff31ee3bf86e4aecefc3ed40ae1647028f7fd482df4c617731ebfd75cad027 The package bjs-lint-builders was found to contain maliciou...

MAL-2026-2880 Malicious code in bjs-lint-builder (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de4578f36842f930e2a5e6a4129c10eb87bf1005fe8cbdf05ffb9fdc2fe43ad8 The package bjs-lint-builder was found to contain malicious...

Malicious code in bjs-lint-builder (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de4578f36842f930e2a5e6a4129c10eb87bf1005fe8cbdf05ffb9fdc2fe43ad8 The package bjs-lint-builder was found to contain malicious...

Malicious code in chai-as-refined (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc7bd5b01fccd5ef5cc96d9a4eecf5801c6b34a062718a2131d2b2abb7a93191 The package chai-as-refined was found to contain malicious code. Source: ghsa-malware 5a69e4e0dbfe130a3d5da8413eb7ad9a490dc1874ee69ef385156479b365da4...

Malicious code in okfe-serverless-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74a72b0853bd9a530292e0f2f74d820ea396dd35650bb3537cf4b2d8705e0dc The package okfe-serverless-conf was found to contain malicious code. Source: ghsa-malware...

Malicious code in chatbotloader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78643cb5d37687c0eac0935734bac95f23c01b64ded6bb2f2f090542324042ac The package chatbotloader was found to contain malicious code. Source: ghsa-malware 88ccdb3c34d69b2e53f62caa6b7e61f32e7868fa5893d6fd6d09662189d10b34...

MAL-2026-2642 Malicious code in chatbotloader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78643cb5d37687c0eac0935734bac95f23c01b64ded6bb2f2f090542324042ac The package chatbotloader was found to contain malicious code. Source: ghsa-malware 88ccdb3c34d69b2e53f62caa6b7e61f32e7868fa5893d6fd6d09662189d10b34...

Malicious code in okx-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f537a0896e3975393a32700cc7c402b5b84baade9d30694090e625ef37a8a09 The package okx-data was found to contain malicious code. Source: ghsa-malware 41edc2d01a36c24d285496e1d882419e277f6ac2ded1e21f9d6eb4fd13cada75 Any...