
185 matches found

OSV
added 2 days ago, 4 views

MAL-2026-5131 Malicious code in @redhat-cloud-services/sources-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

AI score: 6
Exploits: 0, References: 2

OSV
added 5 days ago, 4 views

MAL-2026-5059 Malicious code in chai-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5110f40393583ef41ebcfa3558d782310a40a78227a040480d871c25311b79ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 5 days ago, 10 views

Malicious code in @trp-individual-investor-adv-disc/adv-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fc0ed55f4ec8a9ae7dd408c68635f245461c319bf4e7a0ca85adb25c9eb317b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/20 1:3 p.m., 5 views

Malicious code in @limebike/supreme-date-pickers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...

AI score: 5.9
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/05/12 12:21 a.m., 3 views

Malicious code in @squawk/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed4b99ef5ac5fd4f25fdd4844c49a608343d6596def04cfb9df850c40e927dc9 The package @squawk/mcp was found to contain malicious code. Source: ghsa-malware 7d06b20db1195e1e5566e553087c2be971625c4a648e9cbfe5c1e0e836b93aa9 An...

AI score: 5.8
Exploits: 0, References: 6

OSV
added 2026/04/23 3:59 a.m., 1 view

MAL-2026-3013 Malicious code in undicy-http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/04/14 11:47 a.m., 1 view

Malicious code in node-unpnotifyserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3da4c961628a8745400bba3a3521ae4fda195c030215758fe40841c1c8946e The package node-unpnotifyserv was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSV
added 2026/04/14 11:47 a.m., 1 view

MAL-2026-2645 Malicious code in okassistant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec259ed5ca779ea9fce921bd547959b69220b3c9d07ed42c550ecfe2adcec217 The package okassistant was found to contain malicious code. Source: ghsa-malware 26810b15d962f827f687002cec240712d5f77f30a5eeef187362661c1dcff114 An...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/04/13 3:25 p.m., 2 views

Malicious code in @hmm-app/api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a791765dda3352bb35bb02103a904c3a2a17217074721eb39a1e9e8e89687795 The package @hmm-app/api was found to contain malicious code. Source: ghsa-malware 7c883cf4762be6f3e07bf37a48472ac4ff6a8bbe781c4f0f40ca18b832c2c48a A...

AI score: 5.7
Exploits: 0, References: 1

OSV
added 2026/04/13 3:14 p.m., 1 view

MAL-2026-2576 Malicious code in @b2b-portal/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a28e67919e3dfef2a8a434caec109791355b6f43d434d22bd9515f348a692c5e The package @b2b-portal/core was found to contain malicious code. Source: ghsa-malware 7a10dd57d5e27c26f36c8207faa6449838827281be33c9ecc99e025cfdea19...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/03/27 12:51 a.m., 2 views

Malicious code in @ev-tech/eva-container-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 000e7dc4c22d822e052329e85f5a615743547eaafc111f35576b780059ca2afb The package @ev-tech/eva-container-api was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1

OSV
added 2026/03/24 12:48 p.m., 1 view

MAL-2026-2127 Malicious code in agoda-test-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61298c02c98b568b7b2735848ed2087ced94165a58e6602af9769d359b279056 The package agoda-test-poc was found to contain malicious code. Source: ghsa-malware f1dc100458bb8a2a4c1831d2a680b7895085adc4bb5fa5c90701f52b1165eb8d...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/03/22 6:21 p.m., 3 views

Malicious code in @opengov/ppf-backend-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8323ddb6e5666c3c6e638547538eda9089f97e0e3605f39b2a561d9a436d8fd4 The package @opengov/ppf-backend-types was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 4

OSSF Malicious Packages
added 2026/03/20 4:45 a.m., 2 views

Malicious code in hiagenttest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ea4b234d38909b534414ea6c060e079ef07575115b5e06919ad1778930e1c02 The package hiagenttest was found to contain malicious code. Source: ghsa-malware 30c4c5863aa45de206d3f6f50505fc89f13e2613c4fb62b80866030d74bc2df1 An...

AI score: 5.7
Exploits: 0, References: 1

OSV
added 2026/03/16 12:0 a.m., 1 view

MAL-2026-1536 Malicious code in typescript-resolvers (npm)

The package 'typescript-resolvers' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.6
Exploits: 0, References: 3

OSV
added 2026/03/16 12:0 a.m., 1 view

MAL-2026-1545 Malicious code in dazaar-cli (npm)

The package 'dazaar-cli' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

AI score: 5.6
Exploits: 0, References: 3

OSV
added 2026/03/10 1:4 a.m., 2 views

MAL-2026-1313 Malicious code in iron-pages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0828e4b92294651d9b815203d5e2e7cbe45cce351dfa340bb6a79481a4a0cd The package iron-pages was found to contain malicious code. Source: ghsa-malware ec5456f01c9dadf3a140d1cd4974007405b2fdf1a9f1639c264a194555229ec4 Any...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/03/03 5:11 a.m., 4 views

Malicious code in hiagentevilmcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e09d1f143c91999c7fa8d60f7aa4164df3faf284036d40e6b655020c49bdb83 The package hiagentevilmcp was found to contain malicious code. Source: ghsa-malware 209c7d8065878076cf2456b7c62417093a08c273371a3bcc6059b240be5b3223...

AI score: 5.7
Exploits: 0, References: 1

OSV
added 2026/03/03 4:8 a.m., 1 view

MAL-2026-1147 Malicious code in danzxoffc74-libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82a41216321e9b425e7d33eef60ae4d705b659dad737e18b8a84bee404d031e4 The package danzxoffc74-libsignal was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSV
added 2026/03/02 3:55 p.m., 1 view

MAL-2026-1122 Malicious code in @sanzxcode/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6946c2edfc02e3a350dd33240e415111649135472f9f5c1d4e22d74fa529d The package @sanzxcode/libsignal-node was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1