112 matches found
MAL-2026-6789 Malicious code in @checkrhq/adjudication-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c52d9987ace09f0c48d8b0661bd1fcd3cf4e7e701b5e515810c7f32d99086cf package.json declares a preinstall lifecycle script that runs curl to POST installer reconnaissance data — hostname, current user whoami, working...
MAL-2026-6466 Malicious code in gx-npm-feature-flags (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...
MAL-2026-6251 Malicious code in zomato-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a1b48a397992964f8f3982dc69a33431bfb26c911c29a1e5d124581cef46a40 Dependency-confusion package targeting an internal Zomato namespace. The package ships only a stub index.js module.exports = name: 'zomato-config',...
Malicious code in cryptodao-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5323b2fc30e7603b402729f45345a9c3eb4af8361acaca5d035cc51f9e660cea package.json declares postinstall: node recon.js, which fires automatically on npm install. recon.js enumerates installer-side secrets —...
MAL-2026-5327 Malicious code in @listings/energy-labels (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41caac3ab1f9c35a72841357174aeeec16c142c08cc28030a875b2dba85f04ba The package declares "preinstall": "node index.js || true" in package.json, so on every npm install the script executes automatically and silently...
MAL-2026-5153 Malicious code in @att-ebiz/abs-components-bc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...
Malicious code in justsaying-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1728e1b0cb2ea174743b9e437b707c768bb8979ba6299fedabfd49ea8a7d8e2 The OpenSSF Package Analysis project identified 'justsaying-docs' @ 2.4.4 npm as malicious. It is considered malicious because: - The package...
MAL-2026-4670 Malicious code in skills-detector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...
MAL-2026-4258 Malicious code in @engagehub/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcc397ed87426726776c339f950939ac2da46c12edd018ed4bc48031f7044094 All three lifecycle hooks preinstall, install, postinstall in package.json invoke node telemetry.js, so the payload fires unconditionally on npm...
MAL-2026-4288 Malicious code in @jaggle/resizeobserves (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fe4b050d79ecfc702c9222cf3347e49d4530efd23a2120ee040ef32e0a76e4f Package name impersonates the popular @juggle/resize-observer j→j substitution and pluralized 'resizeobserves' and the README is copied verbatim from...
MAL-2026-4171 Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2006e65ebcb876e87abed337730b23f079632086ac5af42f731dd65e20dbc56f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zentrafinance/protocol-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dac3a1aa20b56dc05bd68918bf7f6148970c361a102fafcd7d75d807adc36862 The package @zentrafinance/protocol-config was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3663 Malicious code in chia-network (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c7439a1ad4a50c3852597bd31aaf7a3f15c53c2cb9f124b9b350e55517b5f592 The OpenSSF Package Analysis project identified 'chia-network' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in hardhat-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb86c79e7ed3cd429c0f28bc08e00ce020df2ec42fdda086ad8bfca99f259930 package.json declares a postinstall script that base64-decodes the string 'aHR0cDovLzguMjE3Ljc1LjE0NzozMDAwL3BheWxvYWQ=' to the URL...
MAL-2026-3715 Malicious code in solc-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2016baa4fe29c296464b8381f88440457a113d79e2773d2252eb609a15ea2e03 package.json's postinstall lifecycle script runs node -e to base64-decode a hidden URL and pipe its contents to bash: curl -s...
Malicious code in cplace-bmw-emt-mvp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b6d2d57176a41f11e925988396ad8549efc86508c1cc13a7130871f48c15b33 The package cplace-bmw-emt-mvp was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3507 Malicious code in @mimecast-ui/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e59a7d55636b02d0a28954889c22f021de5b4f33c525ce7712706df60cd9af3 The package @mimecast-ui/components was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3365 Malicious code in @b2bneo-rest/api-csf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea4a9f32d6857ac3e548ca117915efd6694039bbc344390f1758f12291776817 The package @b2bneo-rest/api-csf was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3361 Malicious code in 24712-pl5004 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d79bb37b62b8d47ca459db0858a93ffb3c35e3791423c11a0853fb4ab17388e The package 24712-pl5004 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @breezeai-frontend/tailwind-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8 The package @breezeai-frontend/tailwind-config was found to contain malicious code. Source: ghsa-malware...