28 matches found
Malicious code in @stockrepublic/republic-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...
MAL-2026-2560 Malicious code in @b2b-portal/uch (npm)
Source: amazon-inspector 89eb419e1f7beb102007973e2d226cb2cb5f534096cbc2be8dc538324f3f19db The package @b2b-portal/uch was found to contain malicious code. Source: ghsa-malware e559f0d2d934ad98bda8c11ca6613644ecf3f2584bee7e75c7edf59ecda35d3...
Malicious code in monolith-twirp-codingagentintegrations-codingagentintegrations (RubyGems)
Source: ossf-package-analysis 24ecd94ab40a4a1b574b48137b92d60ad65d610301ee07661c928706bd54c81b The OpenSSF Package Analysis project identified 'monolith-twirp-codingagentintegrations-codingagentintegrations' @ 1.0.2 rubygems as malicious. ...
MAL-2025-190592 Malicious code in @ra-ide/ld-frontend (npm)
Source: amazon-inspector aec551eb9431424b0e79cb127427880ebd5c21b9deb2b8d4a378fb650fb45a84 The package @ra-ide/ld-frontend was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190521 Malicious code in node-calculator-7bea (npm)
Source: amazon-inspector 3ddbd5a2cd94466471bef272010b7911c371022bffeeee5ec50e01a0affde411 The package node-calculator-7bea was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-48458 Malicious code in src_plugin_index_ts (npm)
Source: ghsa-malware 396cc58d08775057aef35e59ad51a28c7379449f6f00332d193138ff8b9de09a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-46909 Malicious code in github-kv (RubyGems)
Source: ossf-package-analysis 5fcb11aea794afd6b87c58dee41958584041b8638848807223b0633a851e3ad1 The OpenSSF Package Analysis project identified 'github-kv' @ 0.0.1.rdbd1267 rubygems as malicious. It is considered malicious because: - The...
Malicious code in dropbox-tests (npm)
Source: ossf-package-analysis 6b91e399de2020315c4cb5a23b17d10a7d6a0e882e45bb2bb92a92ce4d9b59b3 The OpenSSF Package Analysis project identified 'dropbox-tests' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in uuid-utils (npm)
Source: ossf-package-analysis 67e9eea857d57488a09639cf7c62b2507c6f72aa291543d524e2dd9a86532a73 The OpenSSF Package Analysis project identified 'uuid-utils' @ 10.10.11 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10373 Malicious code in nurst (PyPI)
Source: kam193 ebc947e96588d0b0b3e06e9a4be04b7f86c8dedf4716471a19bf7c1c20144cbf A campaign of probably pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in test-package2345 (npm)
Source: ossf-package-analysis 376f2c62728c1d9f82712acd63e4377bd525a0faae2b00a7746dd322c8e5379d The OpenSSF Package Analysis project identified 'test-package2345' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-9058 Malicious code in cloudflare-docs-starlight (npm)
Source: ossf-package-analysis cc416353baa88972c0106ceb1b2fa7077b9cfbcd687be15e44c70ee5edc0c526 The OpenSSF Package Analysis project identified 'cloudflare-docs-starlight' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
Malicious code in repo-private (npm)
Source: ossf-package-analysis 475962f34cf11b2eb56bc65cbb239a83bb17063ca8bb9b0f03d295a5b88e4b6a The OpenSSF Package Analysis project identified 'repo-private' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-8983 Malicious code in spiffe.io (npm)
Source: ghsa-malware b6eb1b449a426da8cb050cd7559c89a205d1bcc3ad27411fc486afe58b7ab357 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8046 Malicious code in artifact-lab-3-package-89883da3 (PyPI)
Source: kam193 dc3109f451995d11f0f2e99d58397d06ac2bb036df5ceb90425befb54ea10f14 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-7906 Malicious code in @adidas-data-mesh/common (npm)
Source: ghsa-malware 4cb712751b93462e59fe5e04bbcb56626dfb03735b8179b69e4a1f56a60c1375 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1357 Malicious code in by-fetch (npm)
Source: ghsa-malware bbe17032deb287c69fb57c7e240590cb829a046c49e904b65d01686694636d5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1159 Malicious code in tchap-translations (npm)
Source: ossf-package-analysis ca575a89e5cfe2c388f248f9084e97b9cc385753de105d2ada5dc6323d1de06f The OpenSSF Package Analysis project identified 'tchap-translations' @ 9.9.10 npm as malicious. It is considered malicious because: - The packag...
MAL-2024-1052 Malicious code in relativity-web-component (npm)
Source: ossf-package-analysis ceec81f16c03da2474b6b582560b0fc3bd20fa136bb49dadead29fc397209f70 The OpenSSF Package Analysis project identified 'relativity-web-component' @ 2.999.0 npm as malicious. It is considered malicious because: - The...
Malicious code in astar-e2e-tests (npm)
Source: ossf-package-analysis 9c7d3b2f90649e2315bacb152ef9917066857fd46b3240dca8dfa09ae075df60 The OpenSSF Package Analysis project identified 'astar-e2e-tests' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...