Lucene search
K

502 matches found

OSV
OSV
added 2026/06/22 9:53 p.m.8 views

MAL-2026-6273 Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:0 p.m.9 views

Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/19 3:0 p.m.9 views

MAL-2026-6218 Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/18 4:9 a.m.7 views

MAL-2026-6098 Malicious code in stackus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8032b910c8971e79e7d8b0e250ce4d61fd2a2206d6b319a5aed50e32490456 On require, lib/writer.js loaded transitively from the package's main pino.js collects the installer's full process.env together with host identifier...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:9 a.m.7 views

Malicious code in stackus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8032b910c8971e79e7d8b0e250ce4d61fd2a2206d6b319a5aed50e32490456 On require, lib/writer.js loaded transitively from the package's main pino.js collects the installer's full process.env together with host identifier...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/16 10:20 p.m.7 views

MAL-2026-5934 Malicious code in ssr-auth-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe43338279cb894ffacc18ef9ec757d4b4fa8b603672b0bedcb4c00d9f8a806 On require'ssr-auth-sync', index.js loads lib/writer.js, which immediately fetches a base64-hidden URL https://www.jsonkeeper.com/b/PJNZP, an anonymo...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:20 p.m.7 views

Malicious code in ssr-auth-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe43338279cb894ffacc18ef9ec757d4b4fa8b603672b0bedcb4c00d9f8a806 On require'ssr-auth-sync', index.js loads lib/writer.js, which immediately fetches a base64-hidden URL https://www.jsonkeeper.com/b/PJNZP, an anonymo...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/16 4:22 p.m.19 views

MAL-2026-5908 Malicious code in chain-chai-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:0 a.m.10 views

Malicious code in node-denv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b0701ad772209918c78eb4d038cce43946517f3558cbec1988c121c115a641d node-denv presents itself as a pino-compatible logging middleware index.js exports module.exports.pino = middleware and mimics pino's option shape...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/06/13 7:0 a.m.10 views

MAL-2026-5734 Malicious code in node-denv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b0701ad772209918c78eb4d038cce43946517f3558cbec1988c121c115a641d node-denv presents itself as a pino-compatible logging middleware index.js exports module.exports.pino = middleware and mimics pino's option shape...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:19 a.m.9 views

Malicious code in hex-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 9:31 p.m.10 views

Malicious code in react-pinojs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db767edd3581eec08793cb669f0ec59351e61f31501b6d4287b86baea512bb63 Package impersonates the popular pino logger homepage points to getpino.io, description mimics pino's tagline and executes a remote-code-execution...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 8:46 a.m.15 views

Malicious code in react-json-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 8:37 a.m.13 views

Malicious code in react-cleaner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c3d7a072dc204b4c150fae46302a31dafd46c85518d4ba7128fc7d36bf6a53 [email protected] is a pino-logger impersonator package main is pino.js, homepage https://getpino.io, module layout mirrors pino's lib/ tree that, ...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/26 8:37 a.m.16 views

MAL-2026-4791 Malicious code in react-cleaner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c3d7a072dc204b4c150fae46302a31dafd46c85518d4ba7128fc7d36bf6a53 [email protected] is a pino-logger impersonator package main is pino.js, homepage https://getpino.io, module layout mirrors pino's lib/ tree that, ...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 7:8 p.m.12 views

Malicious code in motion-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f13ebafd858996faf32f6987cd969b933bf5c31c7ac329cf55f160bb6bbf6007 This package masquerades as the pino logger README copied from pino, exports module.exports.pino = middleware but its middleware does no logging. Whe...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/05/25 9:58 a.m.12 views

MAL-2026-4491 Malicious code in authcascade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fece3d89e066c6c3452fda608e77747b7d4fa4cbbf6498fd41e5a5a765d57d9 On require'authcascade', the package's main entry pino.js loads lib/writer.js which a builds a data object containing the full process.env, OS...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 12:12 a.m.10 views

Malicious code in loading-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 11:58 p.m.11 views

Malicious code in chai-as-repaired (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 949b90bd3c157955d029f9ea08bc32aea893e452c4ded78df98b80c1b831be76 Package name 'chai-as-repaired' is a 1-edit typosquat of the popular 'chai-as-promised' chai plugin 1M weekly downloads. The published code is...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/22 11:58 p.m.7 views

MAL-2026-4512 Malicious code in chai-as-repaired (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 949b90bd3c157955d029f9ea08bc32aea893e452c4ded78df98b80c1b831be76 Package name 'chai-as-repaired' is a 1-edit typosquat of the popular 'chai-as-promised' chai plugin 1M weekly downloads. The published code is...

5.9AI score
Exploits0References3
Rows per page
Query Builder