Malicious code in dds-js-idl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...

MAL-2026-3083 Malicious code in elementary-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea Versions 0.23.3 were compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and establish, likely, a reverse shell in the CI...

MAL-2026-2858 Malicious code in @source-row/source-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef1f8f064936d70cf38ce81e5a991bd0514ea059213b17683bf77edfb8cba45b The package @source-row/source-container was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in pt-sc-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 925a5c001d049ecefbe72bc5ba4090904c882bf13b6f97493387fe3ed04a661f The package pt-sc-logger was found to contain malicious code. Source: ghsa-malware deaf63bd8a081fcc49f46fdb9b4300abef500b33eba7034bbd8de142a60db3cd A...

MAL-2026-2566 Malicious code in wm-plugin-visions-recorder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9fc7d1b94e873a6acaa539c03b3deb578141de07e79343acb659b17d4815077 The package wm-plugin-visions-recorder was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192543 Malicious code in mw-proto-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9caaea5d17e80497fb4bce0a5b6ce695c9f917c1fee32da71e8ddaa324b79c2 The package mw-proto-ts was found to contain malicious code. Source: ghsa-malware c668f66eb7f8b165c5db43b6acfc4786387faedad258459906266866c843a4ed An...

Malicious code in elf-stats-snowdusted-stockpile-595 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 313c3813ac8880b0dc1f1a973c0125bf17d9f2c700ddc7a009cfc1efbdb54f4b The package elf-stats-snowdusted-stockpile-595 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-6806 Malicious code in react-native-kraken-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2 The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 npm as malicious. It is considered malicious because: - The...

MAL-2025-6805 Malicious code in nodejs-with-singlestore-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2dfae81e2129cf717fbae5a22ecd1938d1ea741de0968e42d5363363d6ea2dfe The OpenSSF Package Analysis project identified 'nodejs-with-singlestore-demo' @ 1002.0.1 npm as malicious. It is considered malicious because: ...

MAL-2025-6798 Malicious code in google-webfonts-helper (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ba7d8c4c4151033fdccecb7ed439075f6c8eb39490462dd7b25aac68d2a22482 The OpenSSF Package Analysis project identified...

MAL-2025-6796 Malicious code in lynx-libs-mono (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7dcde725ba12b559bfd1e62b8d6058ced4b0a5ed11b9f168f8f6f576b42ef801 The OpenSSF Package Analysis project identified 'lynx-libs-mono' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6792 Malicious code in htmlcontent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4aa1c1ab3630fc2aad076dcc5fd9b2205ba7e1079410b1de1b6a757690fdd2b1 The OpenSSF Package Analysis project identified 'htmlcontent' @ 3.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in htmlcontent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4aa1c1ab3630fc2aad076dcc5fd9b2205ba7e1079410b1de1b6a757690fdd2b1 The OpenSSF Package Analysis project identified 'htmlcontent' @ 3.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6791 Malicious code in powerbi-visuals-powerkpi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1708aa2b758d41b3666672f4afb039a73cdfa12345a815feb095ca94f0fcf900 The OpenSSF Package Analysis project identified 'powerbi-visuals-powerkpi' @ 9.0.1 npm as malicious. It is considered malicious because: - The...

MAL-2025-6700 Malicious code in bp-console-fe-sg (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 521bbcab75dfeaca681fe4eedeb12dcfbe52f54514441c4c397cf234030ca4e1 The OpenSSF Package Analysis project identified 'bp-console-fe-sg' @...

MAL-2025-6676 Malicious code in undeface-test-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 69c9b501034a030dc669fcc1ae2026db2508367cac00b2b2b7e4d8df0a78ad7e The OpenSSF Package Analysis project identified 'undeface-test-2' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6737 Malicious code in newrelic-scheduler (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850 The OpenSSF Package Analysis project identified 'newrelic-scheduler' ...

MAL-2025-6674 Malicious code in undeface-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb90f4f82fed4d59ca2dcb3a39b4b93866778f4f52ae780393bdcf08e389be03 The OpenSSF Package Analysis project identified 'undeface-test' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6673 Malicious code in cerberux (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5695d0b2f501364a21975ae94641cd4afe53e8728199b018ebcea405011d9485 The OpenSSF Package Analysis project identified 'cerberux' @ 3.0.0 np...

MAL-2025-6671 Malicious code in @usaa-grp-payments-web-experience/bk-acknowledge-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b56c4b39f3ee1932940e85cef9f0071fc46b948628c13f5588bd484de40ab42d The OpenSSF Package Analysis project identified '@usaa-grp-payments-web-experience/bk-acknowledge-module' @ 2.9.11 npm as malicious. It is...