MAL-2026-4970 Malicious code in @cloudplatform-single-spa/smk (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/ml-ai-agents-ide (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4959 Malicious code in @cloudplatform-single-spa/pangolin (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in nodejs-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78f634e9e89620bdae97a2ba6be1914334b29090ecd8c222adae9b81f2a0bbf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in babelpluginmodulexresjzlver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b6fa027913105f15b5180aa2048fa3afa2a352f60500efb766c709ff16d9362 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...