2391 matches found
MAL-2026-6249 Malicious code in blinkit-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ca70b0a6be36daf245deb50dd6b3595a9bfba29c62770e82365152a02832cf8 On npm install, the package's preinstall lifecycle hook runs curl against http://d8s0b82plbq3u5sb2vo0sb3a9obr4yjt7.oast.site/ and POSTs the installer...
Malicious code in zomato-sushi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...
MAL-2026-6254 Malicious code in zomato-sushi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...
Malicious code in cryptodao-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b5f3b7ec6eecce3d891664f33660a1c612cdd3c6ac99ba52633ef77a2df543c On npm install, the postinstall hook runs node recon.js, which harvests installer-side secrets and POSTs them over HTTPS with TLS certificate...
MAL-2026-5767 Malicious code in ltidiconf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4ca306052ea5224831743daec9d3944fadff8cb4a7211e980be7669a739d00d [email protected] is an empty wrapper package index.js is module.exports = ;, empty author/description, inflated 99.9.1 version whose sole effect on...
Malicious code in ltidiconf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4ca306052ea5224831743daec9d3944fadff8cb4a7211e980be7669a739d00d [email protected] is an empty wrapper package index.js is module.exports = ;, empty author/description, inflated 99.9.1 version whose sole effect on...
MAL-2026-5682 Malicious code in coral-wraith (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0e5e4aa66ffeb1481fd587c96f596a227c9388b86b3a3443749b5ec9eb09f1 The package's postinstall.js runs at install time and performs a credential-harvest + host-tampering chain against the installer. It enumerates npm...
Malicious code in worker-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e11b6161f4fe3c591bddadbf275003eaac33a1478cda408ac51d85230292e6d package.json declares "postinstall": "node main.js", so installation of [email protected] unconditionally executes main.js on npm install. main.js...
Malicious code in @whatnot-web/www-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fe99986935f0b2d200c3192dfc07fc1b6da96c78ac8a4f0a67aa23771e82709 @whatnot-web/[email protected] is a dependency-confusion shell targeting the Whatnot org scope. The package ships an empty library index.js exports ,...
Malicious code in edu-npm-dependency-chain-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139 The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 npm as malicious. It is considered malicious because: -...
MAL-2026-5367 Malicious code in odoo-addon-spp-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis da9c7bdf0b4ac969bfa720be2b3f87caa4c82a6d3ac7eeda5e74946aa3c1a1de The OpenSSF Package Analysis project identified 'odoo-addon-spp-base' @ 99.0.0 pypi as malicious. It is considered malicious because: - The...
Malicious code in @listings/energy-labels (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41caac3ab1f9c35a72841357174aeeec16c142c08cc28030a875b2dba85f04ba The package declares "preinstall": "node index.js || true" in package.json, so on every npm install the script executes automatically and silently...
Malicious code in sequoia-engineering (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2f9c2bfd3d6035b7f58ea95bdcd1329af80adec3c1ef84cb1a8412c6d4c3bf9b The OpenSSF Package Analysis project identified 'sequoia-engineering' @ 2.2.2 npm as malicious. It is considered malicious because: - The packag...
MAL-2026-5363 Malicious code in @solana-labs/web3-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d11c336c71c73260c2daa9233636b07bc81badb0b9f54b13241f719710a7f5d4 Package name @solana-labs/web3-js impersonates the legitimate @solana/web3.js and index.js simply re-exports the real package as cover. The postinsta...
MAL-2026-5362 Malicious code in @solana-labs/etherjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c086a8d2c3022bc55743fdca944c8810b997ec203e8742606bf14cccee721db Package is published as @solana-labs/etherjs but its README documents itself as @solana-labs/web3.js and instructs consumers to import Connection,...
Malicious code in unifi-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4c0cbc81f0d9b1df2dae7252888e87e046c36d049f2792dc7fc49d72ec1d9c6 Package is a self-described dependency-confusion proof-of-concept published unscoped on the public npm registry under a name presumed to match a...
MAL-2026-5289 Malicious code in unifi-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4c0cbc81f0d9b1df2dae7252888e87e046c36d049f2792dc7fc49d72ec1d9c6 Package is a self-described dependency-confusion proof-of-concept published unscoped on the public npm registry under a name presumed to match a...
Malicious code in encrypted-archive (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c60d89261c09dc6eaea0a3af26af55519421cb927a1b8183009d09b2d4e99b94 On npm install, the package executes a preinstall hook package.json "preinstall": "node index.js || true" that runs index.js, which performs a DNS...
MAL-2026-5288 Malicious code in uisp-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 351b32a85d024168970d1a2e8b7c9c5e6ff6f1d31191390f248a988d9ea6b9a9 package.json declares preinstall: node index.js || true, causing index.js to run automatically on npm install. index.js issues a DNS resolution and...
Malicious code in cms-store-ren (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...