Malicious code in chai-midpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4deffa7a98fc055452391610a3ab832bace310cf34ecc058287f45cab02c656c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nodemon-webpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b105e115122e719d986bfb11b73b58a67decc47f5a6b609b9f5e3ea496eb43ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5174 Malicious code in nodemon-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66b967b89b3b02913d1a55f4fe65d3e7ecf4e39d25f5fd49bfb2879f73724dc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ROOT-APP-NPM-CVE-2026-46625 CVE-2026-46625 in @rootio/js-cookie - Patched by Root

Root has patched CVE-2026-46625 in the @rootio/js-cookie package for Root:npm. Multiple fixed versions available...

Malicious code in brave-search-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7d65e78a73a4cc2064d0ab9210a76c7c55f69553b70879dd649d7ad84e48dc0 The OpenSSF Package Analysis project identified 'brave-search-mcp-server' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

MAL-2026-5168 Malicious code in vg-interaction-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261 The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 npm as malicious. It is considered malicious because: - The...

Malicious code in vg-interaction-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261 The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 npm as malicious. It is considered malicious because: - The...

ROOT-APP-NPM-GHSA-5C6J-R48X-RMVQ GHSA-5c6j-r48x-rmvq in @rootio/serialize-javascript - Patched by Root

Root has patched GHSA-5c6j-r48x-rmvq in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-69873 CVE-2025-69873 in @rootio/ajv - Patched by Root

Root has patched CVE-2025-69873 in the @rootio/ajv package for Root:npm. Multiple fixed versions available...

MAL-2026-5159 Malicious code in po-ops-local-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

MAL-2026-5150 Malicious code in @aonunited/angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 411e19a999b3354e6b5ad40e6da82882c1bf314a35d722ade7b3e23eb9c4a46c The OpenSSF Package Analysis project identified '@aonunited/angular' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

Malicious code in @aonunited/angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 411e19a999b3354e6b5ad40e6da82882c1bf314a35d722ade7b3e23eb9c4a46c The OpenSSF Package Analysis project identified '@aonunited/angular' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

Malicious code in rookie-security-test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1af47f1485c4c5bd3c6ee3cb7330781c1892ebc8bea1c59b0a0045c49ab8c93d The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

Malicious code in picnic-react-mise-en-place (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d57f4579f4e0842567d9e59bfa74af355f457cbfdfeabe0f65a9e6952f79aa34 The OpenSSF Package Analysis project identified 'picnic-react-mise-en-place' @ 9999.0.0 npm as malicious. It is considered malicious because: -...

Malicious code in @chat-template/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5102 Malicious code in @ewfewfewf/testhackerrr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47e70cb260a34952bd8dabf1cbb510efbc9072e3d809a03deec32a70745e4d3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5104 Malicious code in @pcldpvkoewpogw/testhacker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75fc3a0b4dc467bfee8bcd715fb5eef861c97aaa7f933a04dc5ac6922af1b8fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @pcldpvkoewpogw/testhacker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75fc3a0b4dc467bfee8bcd715fb5eef861c97aaa7f933a04dc5ac6922af1b8fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5103 Malicious code in @osamdefeirrighs/testhackfrrferrr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc1c3467aded71e3ee2e4dbb16bac4d9257a03410188ea98624a09a4263825c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5107 Malicious code in cms-github (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0c5fca13510452946e5210125e75436d171401f46ce7f1e36e32c266e2cbc41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...