Malicious code in stripe-internal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e7a911f1602bed2fda7cbacff6567286433df29592c24839ae9980c7fff0e6b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in web3-core-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f9612aaab12b9656a1f1b5fbd7684fdcd57833bbf76d14b2a243f679cb0977 package.json declares a lifecycle hook that invokes require'childprocess' and execSync with a curl command at install time. This pattern fetches remo...

MAL-2026-3420 Malicious code in noon-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3357 Malicious code in 24712-plv2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2611781f2d1097ad72abff46b985c85ced20dc7e9f5f8883adbd3e5f394397ee The package 24712-plv2 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in ally-antivirus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5527c47f32b162abebfbbb8a15c8871ef050e5e0b07f8096b573cab2e6dfec The package ally-antivirus was found to contain malicious code. Source: ghsa-malware 094da0aa0245426ad224e9b2a072377a3c07bfc191bc3fab1d2060cdeaf79387...

MAL-2026-3057 Malicious code in @clearpool/streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector febaceb862fd80f68bdcefbbed2667f056ba0b09cc0607d92962dd0d1c2a8b5d The package @clearpool/streaming was found to contain malicious code. Source: ghsa-malware...

Malicious code in @ozon-complt/antibot-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2b2c8d66cf69cda5e16765e70a8c3615ecfc57baa6a283228bab60dcc337dc The package @ozon-complt/antibot-handler was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/validate-merchant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04e899c9f267696289778cbf0c2c4f8da289e47bb3bce95ffa4fa4e3fe290722 The package @apple-pay-trust/validate-merchant was found to contain malicious code. Source: ghsa-malware...

Malicious code in @b2b-portal/form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...

Malicious code in cw-isdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae10c11f397ea01855bd467e8a77fc7f7ccb97477c54bfee0bae46cd5c324ca4 The package cw-isdk was found to contain malicious code. Source: ghsa-malware 54e686b27022344685c371190035a9586a04498a711c2456bdd9b5644c43c833 Any...

MAL-2026-1456 Malicious code in rrweb-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2c1a8d89ba0817d9264bc9f6e59c5c1e4c683b98ce32ba7d9bcb3e61f1f016b The package rrweb-v1 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-990 Malicious code in vl-ui-body (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd90d73547d2e88c7a229ca9924f96c2d5e43bc5b1a8cb6b8a182d322d783510 The package vl-ui-body was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-873 Malicious code in @depro0x/despicable-me (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e512041534d296b22312d733434bb54944a4e026f6ddeaa493240cccc429ee9 The package @depro0x/despicable-me was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-190619 Malicious code in hyatt-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45791aa99b3cab0aaa98d1564ffb2226c039f7e31723b2b4e6033d482e1ad3d6 The package hyatt-ui was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-48432 Malicious code in company-browser-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7621dd08044aeaacb68745078c793611d91031eb9852f8f667f739d485efe939 The OpenSSF Package Analysis project identified 'company-browser-package' @ 99.9.10 npm as malicious. It is considered malicious because: - The...

Malicious code in v0-next-shadcn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca5e9e552239df0cdd60e60db1ee3aa37558a7ae490767639b25d3932079c8e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6821 Malicious code in @tradair-repo/sources-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4c2e8efcfd67964d523b508359644439a1c57011cf171ba350241c6949654fe4 The OpenSSF Package Analysis project identified '@tradair-repo/sources-react' @ 1.0.0-malicious npm as malicious. It is considered malicious...

MAL-2025-6820 Malicious code in securitycontext-model-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d0f5dc5cd2ec64246a68ae3d6a8a63b03e25442841125c4fcaf8601002d97bb2 The OpenSSF Package Analysis project identified 'securitycontext-model-paypal' @ 2.2.22 npm as malicious. It is considered malicious because: -...

Malicious code in sendbird-notifications-extension-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis db0ee25cfff1ec99d94cc0e5866df17eda725c53a92c98ce3057df8f5f23c9cc The OpenSSF Package Analysis project identified 'sendbird-notifications-extension-example' @ 1019.0.1 npm as malicious. It is considered malicio...

Malicious code in evo-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1963187cd4dc65fd86ae4bdae898bd2fea39e8e6a8464b3b00e2a83f5dcbb95b The OpenSSF Package Analysis project identified 'evo-web' @ 100.0.2 npm as malicious. It is considered malicious because: - The package executes...