7 matches found
Malicious code in autotel-eventcatalog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21a008fc4c3a9bff3d0c920364ff6e56ab62ff607408a040e7e959ad3cb461d9 No concrete installer-harm evidence was identified for this package version. No lifecycle-script droppers, credential reads, hardcoded exfiltration...
MAL-2026-5264 Malicious code in node-env-resolver-dotenvx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1935de81fae9e35f6c7373f982092558f30d269b205a6edf0d847fb86d0bf3b5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5218 Malicious code in autotel-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1bce8c001a8e85b493ccdd8af1e3e57f3578d1026e6d5d147374b0a68467313 autotel-devtools ships bundled CommonJS and ESM artifacts dist/cli.cjs, dist/cli.js, dist/index.cjs, dist/index.js, dist/server/index.cjs,...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-187129 Malicious code in geckodriver-public-paleobotany-telesto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cd54efa4724d44aff0fe9aa5a62b9fc47072ffd0871a2d90ea2287aa4e62776 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nabila-poke51 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9625f0915502bf4dbc760cf3aa2ae775d7d48a7d10aa2470883d6e02512c260a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fajar-lengko49-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faaf09a8ce0f99ec842a15098a78aacf124ec8e76cf27eebcb1741e36e8dbb00 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...