Malicious code in brave-search-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7d65e78a73a4cc2064d0ab9210a76c7c55f69553b70879dd649d7ad84e48dc0 The OpenSSF Package Analysis project identified 'brave-search-mcp-server' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

MAL-2026-5166 Malicious code in sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1699207dcb748d9894d27585d5e49f48e906eae167d75434c15cd15f1aeb5502 The OpenSSF Package Analysis project identified 'sourceflow-tracker' @ 99.91.9 npm as malicious. It is considered malicious because: - The packa...

MAL-2026-5159 Malicious code in po-ops-local-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d9d4d8606057fc579fbbc6ede648c88bb580827838850f589e8887c1dd374a39 The OpenSSF Package Analysis project identified '@att-ebiz/abs-components-bc' @ 99.9.1 npm as malicious. It is considered malicious because: - T...

MAL-2026-5150 Malicious code in @aonunited/angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 411e19a999b3354e6b5ad40e6da82882c1bf314a35d722ade7b3e23eb9c4a46c The OpenSSF Package Analysis project identified '@aonunited/angular' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

Malicious code in @aonunited/angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 411e19a999b3354e6b5ad40e6da82882c1bf314a35d722ade7b3e23eb9c4a46c The OpenSSF Package Analysis project identified '@aonunited/angular' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

MAL-2026-5122 Malicious code in picnic-react-mise-en-place (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d57f4579f4e0842567d9e59bfa74af355f457cbfdfeabe0f65a9e6952f79aa34 The OpenSSF Package Analysis project identified 'picnic-react-mise-en-place' @ 9999.0.0 npm as malicious. It is considered malicious because: -...

Malicious code in cms-storehub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5097 Malicious code in cms-storehub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5087 Malicious code in buffer-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9d5f9cc02aafc6aacd829af1fe7b8adb4b215f176b9a412ee46ee28372b7805d The OpenSSF Package Analysis project identified 'buffer-utilities' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2026-5028 Malicious code in sorenson-webfonts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ebdc541a49aeb340c75d6a96abee6465496dc22a04e82be2f03b85b2be1c3881 The OpenSSF Package Analysis project identified 'sorenson-webfonts' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

MAL-2026-5027 Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

MAL-2026-4839 Malicious code in hellowornd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e9b9637d126bc60120f015b0af88898fae5cf613a015fd572ab74d2554e6d7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4834 Malicious code in @polka-ui/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 662c2a1b8ad5d264ec01b078f95c130c96398305ba009a2c2de33cc9d7db7486 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in editorial-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in mse-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a953627a77037de50d82384daca1d98d101c4c09b315ab91fd597a43557fbd99 The OpenSSF Package Analysis project identified 'mse-authentication' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

Malicious code in verify-mycommand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUBREPOSITORY, NODEENV...

MAL-2026-4287 Malicious code in @audience-common-ui/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e26e359a883cc73de6df21c10ea5bc94596f94ac4c38a3c703f44c91f3a8f1e Package @audience-common-ui/[email protected] is a dependency-confusion probe targeting an internal scope. Both preinstall and postinstall lifecycle...

MAL-2026-4268 Malicious code in asavie-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf12a913426dee622d500474fe3629c5bb3246e1793e3f210916885c6d0481a9 callback.js collects host identity information os.hostname, os.userInfo and transmits it via https.get to an external endpoint at install/load time...