
12 matches found

OSSF Malicious Packages
added 2026/05/25 6:11 p.m., 7 views

Malicious code in @service-suppliers/suppliers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79ca8ef6257be2fbac9c361b969d9e63ce6a833e42dafa4b558e1f805276502 On npm install, scripts/postinstall.js performs two attacker-benefit actions against the installer. First, it scrapes installer-side credentials: it...

5.8 AI score
Exploits: 0, References: 2
The Hacker News
added 2026/04/23 1:42 p.m., 4 views

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from JFrog and Socket. "The affected package version appears to be @bitwarden/[email protected]...

6.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/26 12:33 a.m., 4 views

Malicious code in react-autolink-text (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 402f7d8c6db956de1c20cce1c23b9d2585a9210f6aae7859acb956fb66728010 The package react-autolink-text was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits: 0, References: 3
OSV
added 2026/03/26 12:33 a.m., 2 views

MAL-2026-2207 Malicious code in @emilgroup/process-manager-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc09d1561452ec50af226b10199a75b846e64e16ccbd9ff7757bf0e4a769d0c2 The package @emilgroup/process-manager-sdk-node was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/03/26 12:33 a.m., 5 views

Malicious code in react-leaflet-marker-layer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b37a04b363c4392e401d85320c748dab98c13ff46c74624f21aaa70091b8ae6 The package react-leaflet-marker-layer was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/03/26 12:33 a.m., 4 views

Malicious code in @emilgroup/process-manager-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc09d1561452ec50af226b10199a75b846e64e16ccbd9ff7757bf0e4a769d0c2 The package @emilgroup/process-manager-sdk-node was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits: 0, References: 3
Veracode
added 2020/09/03 7:29 a.m., 8 views

Malicious Package

maleficent contains malicious code. The code when executed in the browser would capture environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. It also subsequently prints the information to a local file...

2.8 AI score
Exploits: 0
OSV
added 2020/07/07 7:15 p.m., 1 views

UBUNTU-CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...

4.4 CVSS, 7.3 AI score, 0.0013 EPSS
Exploits: 0, References: 5
Hacker One
added 2019/07/12 11:31 a.m., 61 views

Node.js third-party modules: Yarn transfers npm credentials over unencrypted http connection

Module module name: yarn version: 1.16.0 npm page: https://www.npmjs.com/package/yarn Module Description Fast, reliable, and secure dependency management. Module Stats Replace stats below with numbers from npm’s module page: 166 703 downloads in the last day 849 928 downloads in the last week 3 7...

4.3 CVSS, 1.1 AI score, 0.00107 EPSS
Exploits: 1
Veracode
added 2019/06/11 2:31 a.m., 10 views

Malicious Package

maleficient is a malicious package. During installation, the package executes malicious code to gather system information such as AWS credentials, NPM credentials, SSH keys etc. and prints to a local file on the server, which would potentially be accessed by the attacker later...

6.4 AI score
Exploits: 0
Node.js
added 2019/06/10 5:7 p.m., 13 views

Malicious Package

Overview All versions of maleficent contain malicious code. The package is a demonstration of possible risks when installing npm packages. It gathers system information such as: environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. The package...

6.6 AI score
Exploits: 0, Affected Software: 1
ThreatPost
added 2017/08/04 5:24 p.m., 17 views

Attackers Use Typo-Squatting To Steal npm Credentials

Hackers seeking developer credentials used typo-squatting to spread malicious code via libraries hosted at the online repository npm. In all, 40 npm packages were found malicious and removed from the Node.js package management registry, according to npm. The attack involved a user named HackTask...

0.8 AI score
Exploits: 0, References: 5