24 matches found
Malicious code in next-locomotive-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a11400eaa7dd74b24610ec815438de047089be7005b94c37717fa2b6f916ab6 The package's declared postinstall script reads the installer's OS username via os.userInfo.username and the machine hostname via os.hostname, compos...
Malicious code in vps-maintenance-paperclip-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48d7d517534385e3776097217c197836517e4f4d84ef29598724c4398bfc875e On import of the server entry module, a top-level try block detaches a shell process that 1 appends an attacker-controlled ssh-ed25519 public key to...
Malicious code in express-initial (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d292a4664135ed1869f907d62fb6472839ab54a59aedb2f3a88022a0c70095 package.json declares "postinstall": "node index.js", so npm install express-initial automatically runs the package's main script. index.js is heavil...
MAL-2026-6543 Malicious code in express-initial (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d292a4664135ed1869f907d62fb6472839ab54a59aedb2f3a88022a0c70095 package.json declares "postinstall": "node index.js", so npm install express-initial automatically runs the package's main script. index.js is heavil...
MAL-2026-6474 Malicious code in ref-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...
Malicious code in oh-my-ashclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005 On npm install, the package's postinstall hook .prepare.cjs executes and harvests installer-side data: hostname, username, OS/arch, Node version, all...
MAL-2026-5727 Malicious code in vite-config-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...
Malicious code in jextic-eclib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...
MAL-2026-5624 Malicious code in edu-npm-postinstall-demo2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce30f195fb63661526196defd7d613a58ded58acd1208989400bf6267de6bfb1 On npm install, postinstall.js reads the installer's .env file from INITCWD, harvests environment variable values DEMO-prefixed, collects host...
Malicious code in edu-npm-postinstall-demo2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce30f195fb63661526196defd7d613a58ded58acd1208989400bf6267de6bfb1 On npm install, postinstall.js reads the installer's .env file from INITCWD, harvests environment variable values DEMO-prefixed, collects host...
MAL-2026-5567 Malicious code in field-upload-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17402ad5019d1d433139ce2652d18d2493d87acfd1ede435a94c87eb421f25b1 On every npm install, the package's postinstall lifecycle script in package.json spawns a detached, unref'd Node process that decodes a base64-encode...
Malicious code in @cloudplatform-single-spa/svp-pipeline (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4891 Malicious code in @cloudplatform-single-spa/base-static-page (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @cloudplatform-single-spa/serverless-containers (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4932 Malicious code in @cloudplatform-single-spa/marketplace-main (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4881 Malicious code in @car-loans/wait-task-props (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
MAL-2026-4911 Malicious code in @cloudplatform-single-spa/dataplatform-spark (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-5002 Malicious code in @cloudplatform-single-spa/vpc-endpoint (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @service-suppliers/fetch_suppliers_action_saga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a3ebab0ad45763f2a27f43a1f97a820409b215589a45b5f3928b169ffc062bb The postinstall script scripts/postinstall.js performs three independent installer-harm actions on npm install. 1 It enumerates process.env for...
MAL-2026-4524 Malicious code in claude-content-writer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...