MAL-2026-2895 Malicious code in chai-as-optimized (npm)

chai-as-optimized is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/0ac7efbc0b6b1a53b305 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

MAL-2026-2891 Malicious code in chai-as-init (npm)

chai-as-init is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/c2e881b8bc0fe2121454 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

MAL-2026-2817 Malicious code in lightweight-charts-4.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f7a7bcf5678b42c2da20ad8e444066092ac3a9c17a6c8867a034717d1d8c344 The package lightweight-charts-4.1 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in lightweight-charts-4.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f7a7bcf5678b42c2da20ad8e444066092ac3a9c17a6c8867a034717d1d8c344 The package lightweight-charts-4.1 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in modern-events (npm)

modern-events is a malicious npm package that when imported and using the function EventEmitter.emit... in file events.js exfiltrates local system information via telegram and slack and downloads a backdoor Win64/FaxedCook to C:/ProgramData/Policy/PublisherPolicy.tms. --- -= Per source details. D...

Malicious code in sanitize-url (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f98260cc1b910a8921671795398ad7f986f02b0b7bc8efef18a4df09b87d51 The package sanitize-url was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in youpin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d2434bf56ac3bd217b20d87570b4be5eb5c96c17669d38ae4bf7c959dd21b29 The package youpin was found to contain malicious code...

MAL-2026-2806 Malicious code in youpin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d2434bf56ac3bd217b20d87570b4be5eb5c96c17669d38ae4bf7c959dd21b29 The package youpin was found to contain malicious code...

MAL-2026-2805 Malicious code in winston-prisma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2a581514f0a9f03ad807946bb8aa90ed013936e91ed2a413ced0966986921 The package winston-prisma was found to contain malicious code...

MAL-2026-2804 Malicious code in transcript-viewer-ui-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d52899913925c544bb906fcc1d752431c86c54c3465310a8eee4318ba29164e0 The package transcript-viewer-ui-demo was found to contain malicious code...

Malicious code in transcript-viewer-ui-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d52899913925c544bb906fcc1d752431c86c54c3465310a8eee4318ba29164e0 The package transcript-viewer-ui-demo was found to contain malicious code...

MAL-2026-2803 Malicious code in tailwind-configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60061f038f742f65f6876c278646b1b91d880677e6ba9dff2c87ea021f5b6aa9 The package tailwind-configuration was found to contain malicious code...

Malicious code in tailwind-configuration (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60061f038f742f65f6876c278646b1b91d880677e6ba9dff2c87ea021f5b6aa9 The package tailwind-configuration was found to contain malicious code...

Malicious code in synthetics-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...

MAL-2026-2802 Malicious code in synthetics-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...

Malicious code in sfx-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3fe291f014f24a669e43d0092e768f822241c223899812aeeb652ade2dcc63f The package sfx-data was found to contain malicious code...

MAL-2026-2801 Malicious code in sfx-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3fe291f014f24a669e43d0092e768f822241c223899812aeeb652ade2dcc63f The package sfx-data was found to contain malicious code...

Malicious code in separadordeinfo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e2d6619a0d8333edc7c42d4fd1c6b03822b68469735f3ae6bf4afafefce398 The package separadordeinfo was found to contain malicious code...

MAL-2026-2800 Malicious code in separadordeinfo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e2d6619a0d8333edc7c42d4fd1c6b03822b68469735f3ae6bf4afafefce398 The package separadordeinfo was found to contain malicious code...

Malicious code in rtxaspnet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 090604cfa202f9f464d120e8fe6ce4a731ca1011e78d84cf715894ec79e1b3c1 The package rtxaspnet was found to contain malicious code...