234761 matches found
Malicious code in @girirajravichandran/corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82e79f342b1cd33520c8987b0307cb211e4b04694caef9c967725778e1802e94 The package @girirajravichandran/corp-build-utils-poc was found to contain malicious code...
MAL-2026-2330 Malicious code in @fyxer-ai/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c3a41d542ea1950a8f7bee29e8c4602a2553a5b612c7763af1f7a80246f708f The package @fyxer-ai/shared was found to contain malicious code...
Malicious code in @abi-labs-frontend/standards (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a60eba79d2fd49b58fb2a2073d2b7c87f66c1ad781bc1a6137962f9b5e772449 The package @abi-labs-frontend/standards was found to contain malicious code...
MAL-2026-2137 Malicious code in @one-site/europcar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 711bd5a2f6cb47f1cf20cae950c1b89253561e63249de1fa2989ea5766f6f3bd The package @one-site/europcar was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in express-session-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3beac16c32c8776482bafbb2ad95b50b7b18bf6e93fbf712238f60a4d7ae363d The package express-session-validator was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2129 Malicious code in express-session-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3beac16c32c8776482bafbb2ad95b50b7b18bf6e93fbf712238f60a4d7ae363d The package express-session-validator was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview agoda-test-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2130 Malicious code in fancode-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...
Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2136 Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview yelp-react-component-photo-upload is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
MAL-2026-2134 Malicious code in yelp-biz-action-constants-js-generated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063bb3466bef20db9d0f0c8436b384fe8b498ccceef3993ab43e0482b43efc40 The package yelp-biz-action-constants-js-generated was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2125 Malicious code in customerdigital-ui-components-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a8c957edf16da956a7859c7a0e1d8accbe84824b88f1f19f70a01acd07b729 The package customerdigital-ui-components-lib was found to contain malicious code. Source: ghsa-malware...
Malicious code in oc-navbar-module-client (npm)
Malicious package due to code obfuscation, dynamic code execution, suspicious email, install script, and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0eedd88f7d05d96544d4fc778561471c0490c16f2fe2c6e8c70428af92e6ad The package...
MAL-2026-2417 Malicious code in oc-navbar-module-client (npm)
Malicious package due to code obfuscation, dynamic code execution, suspicious email, install script, and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0eedd88f7d05d96544d4fc778561471c0490c16f2fe2c6e8c70428af92e6ad The package...
MAL-2026-2415 Malicious code in oc-aa-module-client (npm)
Multiple pieces of evidence suggest malicious intent: hex obfuscation, dynamic code execution, suspicious email, and install script executing index.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ff9a96329ad67bbc8f97ec7686f7f6a8f1b94bb76be3f8f48671cafde13fc...
MAL-2026-2223 Malicious code in cr-static-shared-components (npm)
Malicious package due to code obfuscation, dynamic module loading, suspicious email, and arbitrary code execution during installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fcc8531926534d3d87af7c173bfaba5f563bdbbc6ae8293de0150a0f00ba205 The package...
MAL-2026-2413 Malicious code in cclr-component-resources (npm)
Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload...
Malicious Package
Overview coinbase-desktop-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...