Malicious code in ioredis-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5666 Malicious code in downlynpm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c54f0f73fe269f9054d27204762149882fd85c82c575dfa40738014f7a594090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5661 Malicious code in @sazka/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5655 Malicious code in @hatcha-captcha/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @tribe-digital/shopify-starter-theme is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Malicious Package

Overview @hatcha-captcha/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @snowsight/debug-tooling is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @integrations-center/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-5650 Malicious code in ozone-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a208d054d164fa8fb82cafe470c99be244c6a911aed15ecf2f1546bc10cbbc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview swagger-express-routes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

MAL-2026-5634 Malicious code in react-photo-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...

MAL-2026-5585 Malicious code in polymarket-clob-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a40eb434e89ad381733b42cb87bd88d0da0913520a210fd4f6da175e1a115f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview crypto-promise-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @easytipsportal/pos-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-tracked-tony is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @validate-ethereum-address/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31c6ff12976558c9f1b005e95ad8a4c3b366723f0a1409d73f904f568be326cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @validator-sdk/pubkey is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @solana-launchpad/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f311ca65e1dd4812e0b9812be713108a676a6f25c8d48443ab93a97133447b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5499 Malicious code in coinbase-wallet-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ab9b05ffef17005997a718b420c7842eaa66c9e8b6586f8f62ccaeeb3d35a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5384 Malicious code in enquriers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17ff0053c1f18c2d4e2e555119e16463f85cfb7f0c564d64d222a80a84763639 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...