176 matches found
Malicious code in @dervix/socket.io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c299d96dca6144eec3e8be8770c98430139e9b6b982762da448ef50b7bde06a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in abuden26 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 440fa1b32d35cf2c41253e2fd1f63095ea65ac7733fa48edc9abef43877659c7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in log-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f55c4d43e953e16c7d0325948c789e0fdf1acefaca4b47ceabf199a5288e6f82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6285 Malicious code in new-solt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5a46a9516de2c87a2d451b78ace7033fb9dffa9faa4216b84eb068136098cfa Package [email protected] contains index.js which imports childprocess and invokes execSync with bash and zsh shell strings around lines 315 and 331...
Malicious code in ts-esys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041ff0fd2b76f380705ef23061ebfe469477b2fbec8e025eab49a557431a551e The package is published as ts-esys but its package.json author, repository URL, funding metadata, and README are copied verbatim from MikeMcl/big.js...
MAL-2026-5996 Malicious code in @mastra/agent-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ba6a41e7e43733a8334968ce740af8771208c66c7529d9f4319bd62e39601d @mastra/[email protected] declares a dependency on 'easy-day-js@^1.11.21' in package.json, but the package's own compiled code in dist/index.js nev...
Malicious code in @mastra/deployer-netlify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5939 Malicious code in @mastra/ai-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98257d70b56e46a3dcd690478b15c54fb55c270db969b777c0cb42bec21ace37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in hardhat-evmchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tailwind-smooth-slider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @squawk/navaids (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb4f88ca950b4d0ba1fb9666f866d8c742a9b0aeeb2657fadae9ed5dcd30359c The package @squawk/navaids was found to contain malicious code. Source: ghsa-malware 62f878f444def0ffdccd14f64cba4ee46bf960745aefb09d0c0ee16ed5ded86...
Malicious code in @tanstack/router-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44bca8f9294a1b6c949228c6741851305336a0b694ce00617c6fcd4b220c30a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in woltpickerapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6352ffe541b2fd35eb37ebb5dbdc78f1f57a51d31b36c6fcae39d21f97c594 The package woltpickerapp was found to contain malicious code. Source: ghsa-malware b0c8234f6a72b4da77be49eb19f15dc41dd1d94b6b8b9bc4bffd3ef9ddb4316b...
Malicious code in vue-scoped-css (npm)
The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
Malicious code in lit-a11y (npm)
The package 'lit-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
MAL-2026-1253 Malicious code in pear-apps-utils-date (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65df5bee974b55dfd58d5816e480664604e9d8b3bf6a7c27c22b92aefeaca124 The package pear-apps-utils-date was found to contain malicious code. Source: ghsa-malware...
Malicious code in mqttoken (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aca93be8c1540d3f53af3e84ab54ac100f00390a05d10931f80ca2941beeb39 The package mqttoken was found to contain malicious code. Source: ghsa-malware c91a888cf7be32a16813cf296ec094ba2d56bf4706c030246a92f686bac1ea2c Any...
MAL-2026-883 Malicious code in ecosystem_ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4987a955f090814c8e125cdaca051b7d106fc4e853cc4e45bc253fbb444f8d94 The package ecosystemui was found to contain malicious code. Source: ghsa-malware 31a22a7e3ce76544adef6885be748f17910483d02a1f19395a520b918516ea63 An...
Malicious code in console-style-pro0o0o0o (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fe7407a5523ef7efe6bec615d9601fe978b9e5de59d19d7e8e2ff054c5e09e9 The package console-style-pro0o0o0o was found to contain malicious code. Source: ghsa-malware...
MAL-2026-750 Malicious code in dspmobile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcd390d34dbfd7246c65b551f8b71dfaba4b78fa438e818cab41a0ea35716c21 The package dspmobile was found to contain malicious code. Source: ghsa-malware 73466b34e7f0da321f410baa9db15370fbf0563af429ef587315608e3507f2b6 Any...