Malicious code in tailwind-clamps-line (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091842cb2bfe94e715b2bfec88b04625ea3350097c037d2b172483905633c20e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @timelycare/api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d515fabb5cd16f351ff33b669a0667cb546d3f75fd308680d21d0edbc411c60a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4844 Malicious code in @polka-ui/reco (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 748e9209b5841d7276bc8325c476b21c3061fdc37dc9db0280f033ba9badc8c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4316 Malicious code in internallib_v95 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446fa224122b28950a2a22289bd7a9bf4a29861cde218c495651e1e58da37176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in explorhub-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 156c492a22f3ae2339a227b3fc1e30bf19ca34e641b031fd2790af69807d0881 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-4224 Malicious code in json-spectaculation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5666b784c76bbb0ecb504b52a7e70d17bfe910ad374f223e53deca3b57021278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

MAL-2026-4240 Malicious code in ethers-multicall-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748 On npm install, the package's postinstall script spawns node -e to run an inline childprocess.execSync that curls a binary from...

Malicious code in mrgn-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0d991ca84319ea7151b66ece28c7cfe860d1523b6926f63a60d13d7b96dded Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in marginfi-v2-ui-state (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11ff4ff1afbd9d61e37dd14e75ed54936d435bfc765683e33f8b24976290db7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hardhat-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b62021752710dce40c5fa0491b2c8e75454d25ee7e80bd15e3b5a99ace923ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3657 Malicious code in chai-as-streamed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fef1582aa7fb15599bd48e6f077be4d1a577d3916cf2c2650893f0406ede8ea3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in jwscube (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 325d4311f3dd1d82c8f9ee1ddc19a767eb69adf0a338625c8ce1e9d40062dec7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mesadev/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in @uipath/resources-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 740339e7d1f42f7f163cbe965322c0e9438ae7efd05a29fbd4cc161e6fe5a5f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/insights-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ace6d378b6abec995ee4d1fc628aa32dd0771f340a17fa2e91e2659868509681 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/context-grounding-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08219b377dcb6cc4d5e37e03ac84d8fbce414fc1388eda8d60092c4f468c3cac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/case-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c66eb0255d40992fc638ffb18c027abb448bdd26f8982781cf0f7da3be7b6910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/apollo-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...