4 matches found
MAL-2026-5541 Malicious code in @w2d/web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8292b80f3e692b249561a14d94d2dfa0196f2377e7eee027b8dd630d251bd1 The package targets the @w2d scope with an artificially high version 2.999.999 — the canonical dependency-confusion shape designed to outrank an...
Malicious code in platform-tempo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...
MAL-2026-4641 Malicious code in platform-tempo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...
Malicious code in @zyp3_/api-ecom-errors (npm)
The package contains code that makes a suspicious HTTP request to an OAST domain, suggesting data exfiltration or unauthorized tracking. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3906662b72961a45e2a5f250c4204f6ae4c310f177e6e8dfaa97db0a1566b188 Any computer tha...