4483 matches found
Malicious code in abuden217 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42fce03517a0e7a241f99d0ce806a5bb90a4f70b083a2997c80868f3bc37d4b4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden226 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden26 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 440fa1b32d35cf2c41253e2fd1f63095ea65ac7733fa48edc9abef43877659c7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sixseven2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27752f42df81ff26081065ce5bf64d59fa477dfbed72d1afbd359bffd3ab52df The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in ratelimitsucks2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d35482838ac389f7af960c113776867c9c5a83b1995ad7ece20fd26b71918ce The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sixseven1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e63dd12f3157bb49fe3951bfb356c83b4b7349eed5947af87b09c40c868382 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in backup3-ff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a32646e3ad3e35186f8344c19ccdecfd69c26e8047fc44b77c0516b644fd094 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...
MAL-2026-6940 Malicious code in rnx-align-deps (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fd85779926afc494fd03f154fa151e30ee831b5aa8f260e01b29ee8f7a676d5 No a static rule matches and no behavioral findings were produced for this package version. There is no evidence of credential access, network...
Malicious code in stacknova (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eea780e4546d725f38c35c635625e60354e7f48a79c1fcbe76f87e2498d9ce4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6887 Malicious code in tailwind-scroller (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57d21e3f2b10a543d5deb6a3999b78e5414b55ad958ff7811d802cb42386fc8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in log-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f55c4d43e953e16c7d0325948c789e0fdf1acefaca4b47ceabf199a5288e6f82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6837 Malicious code in eth-tick (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in big256-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f547bc04e09d0a4a99ac1e49992abd3dc35c02ad1bd963e8d0d07fd0e11464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pinokio-redis (npm)
pinokio-redis is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...
Malicious code in zredis-typed (npm)
zredis-typed is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...
Malicious code in web-api-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ca2f8dce9e845346901818eadd06a0cda318c99ac3e059cd076d9f4065e2c17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @jacobtan/decode-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6738 Malicious code in @jacobtan/decode-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in authmatrix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58eb7642f8d7e2fb2e898277c6961d2538f40766777a679020f4872b29925806 The package is published as 'authmatrix' with a description suggesting basic auth functionality, but its lib/ tree is a copy of the pino logger and i...
Malicious code in poly-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...