2974 matches found
Malicious code in abuden2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fc679091d0bd079249822993efce7f3ed4ef7d032c73f9aa730a6259f76cb6 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff24 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98d91c65c2ae847d5e741575bbc60ac69c0d2aca4973888c6ce2fc85daac3e30 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-6848 Malicious code in log-format-thread (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...
Malicious code in rs-biginteger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...
Malicious code in two-factor-prompt-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ebb96758f051c0a5a1c8fe97fb05c898f2489f4567fb64fbd271eb103dcadc Package self-identifies as a dependency-confusion proof-of-concept aimed at an internal/private package name. The postinstall script postinstall.js...
MAL-2026-6357 Malicious code in theme-color-picker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...
MAL-2026-5949 Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ba29e7c4e2320b4f5852c18ded92c92021cfbc47d5bf8146b1a93ffa58260c7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in cookie-parser-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a673e0454bb102d4e8456e3c26290196c5ae5bf4cf9438ce78f8286fd5c3be Package name and README impersonate the well-known cookie-parser Express middleware. The source is a near-verbatim copy of cookie-parser, except the...
Malicious code in ethereum-kit-1 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...
Malicious code in @ethlete/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b70ddfa1fae6a08ce80a1c1f924e904dde1534eeb55d9fdcdfa9651a89b8e0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in autotel-adapters (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e39e600baede93e3a5b493d603c5fe392c561544c95611960149ac4e7b99f98 No concrete installer-harm evidence was identified for [email protected]. No lifecycle-script droppers, hardcoded exfiltration endpoints,...
Malicious code in @ethlete/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8f99e5213b116197421a47e5d43675c1772592479e5646e6683f28ca5e77873 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in wrangler-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d2085fa4916157b99799df085aa11e3d29bdb9a47f5798c85375b1bfdf8bd7e Package name wrangler-deploy is close to Cloudflare's official wrangler CLI, which raises confusion-risk concerns for developers who may install it...
MAL-2026-5240 Malicious code in create-cf-token (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d9884f6d63e063d1320b8d8efbfb8852f00bd3c18c87b03b445f6978897570 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Malicious code in @ethlete/query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d3334de45d8864ad96963e00aa263c3c1b09678abe9317058965a2b6b026abd The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5255 Malicious code in executable-stories-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc974c5748dbf6c421d343ec3924e31bcc8a56a1202e59818e5282bc239a14f2 [email protected] ships a bundled HTTP server module dist/http.cjs and dist/http.js where pattern matchers flagged co-occurrence of...
MAL-2026-5243 Malicious code in dbmux (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e5a2711ddd8b917b94e7d441193f3cb4b13b5f58b8651c04ee2728119f9f049 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5247 Malicious code in eslint-plugin-executable-stories-jest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f57bad4c5897c34b725457a558ebfe9df86ff8092f5bfd36b1568d6dc5e84da8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5109 Malicious code in shopifyto-cms (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0fb4ee5fa3c58016b3fa60c91ff3a9b5f30d82cbf65b239a096ef850ccb475 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5157 Malicious code in @tse-digital/core (npm)
Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...