2 matches found
MAL-2026-10424 Malicious code in terminal-mascot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3fdf1ac60d0060cb78970c884bcfa7bb5360d9f700c0f8992b66af09cce22ae [email protected] ships a postinstall script install-check.cjs that resolves a bundle URL from a remote JSON config at...
MAL-2026-4571 Malicious code in get-deps-path (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...