MAL-2026-3795 Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60192fdff4e24c7d8a8a8feebf26b8aa9408dacbc59475649335e0efc03969f6 The package dowloadebokcomoleerelfutbolbyruudgullit8qd97 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3799 Malicious code in dowload_ebok_the_testament_of_solomon_by_king_solomon_frederick_cornwallis_conybeare_5201c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33d6c492e4871ad2384480820ba9bbefb5a987a0675139c6358cc58e645fd95 The package dowloadebokthetestamentofsolomonbykingsolomonfrederickcornwallisconybeare5201c was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3782 Malicious code in atlassian-marathon-asset-pipeline (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d32d9c71cf7460230bdc7da7e9c9cddc9618a5ca53a66adde25fb5a3e588418 The package atlassian-marathon-asset-pipeline was found to contain malicious code. Source: ghsa-malware...

Malicious code in jenkins-for-jira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8cad9f892c0d9dc4daa1424ece0fdaaeb28938252726be668e5880537046533 The package jenkins-for-jira was found to contain malicious code. Source: ghsa-malware 1f7a28558fe9fa734ff5ef86a48965f24b37790a53a4ec35ca344e548d3818...

MAL-2026-3786 Malicious code in browser-interaction-time-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1f501a0eb27e6959abc3bfd105408bdbd74a0f0e1f97bb22ee881dbd5d9dac6 The package browser-interaction-time-utils was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview jenkins-for-jira is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in browser-interaction-time-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76de4d97b4cff539b3c8793eae793a10581fc4379395a8d2528ab85eb098bd5 The package browser-interaction-time-demo was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3785 Malicious code in browser-interaction-time-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76de4d97b4cff539b3c8793eae793a10581fc4379395a8d2528ab85eb098bd5 The package browser-interaction-time-demo was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview jenkins-forge-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in jenkins-forge-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3791 Malicious code in json-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ea0ffb681b10da082feb66c76e0db908a8ee31cd9b064edca6c41a90a38a87 The package json-pretty-logs was found to contain malicious code. Source: ghsa-malware b86537d3e254ff943b2ca179cb5501c1a02900d518482640d73d0a9892797a...

Malicious Package

Overview babel-6-compatibility-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in babel-6-compatibility-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d77f7edebabddc5ea0e09c0b1df9b7277a2645a506618cad4e4ee0340db67efe The package babel-6-compatibility-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in json-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ea0ffb681b10da082feb66c76e0db908a8ee31cd9b064edca6c41a90a38a87 The package json-pretty-logs was found to contain malicious code. Source: ghsa-malware b86537d3e254ff943b2ca179cb5501c1a02900d518482640d73d0a9892797a...

Malicious code in alicloud-pop-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8996db2a99f506044afe3fa7d1776936c419425988ce0adab16938e0b1c72498 The package alicloud-pop-core was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview apple-internal-dev-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-3745 Malicious code in deepl-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f09b2cb596d2186d9533b703e85192087a2722c8307c51428330658f1972c3a The package deepl-sync was found to contain malicious code. Source: ghsa-malware 901de6816216276cc07830e358c2cae608d89087dba87b4acf0562604011e504 Any...

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.8...

MAL-2026-3760 Malicious code in ethers-abstract-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...

Malicious code in glob-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 091b8ee02b80a8a3fda11c15a6d0b8f657b639100244a4398d046ded5854eb64 [email protected] is a malicious typosquat with no legitimate functionality. Its index.js is a stub; package.json declares scripts.postinstall: node...