Lucene search
K

1238 matches found

ossf
ossf
added 18 hours ago2 views

Malicious code in slds-lsp-client (npm)

The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...

6.1AI score
Exploits0References2
ossf
ossf
added 18 hours ago4 views

Malicious code in salesforce-vscode-slds (npm)

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...

6.2AI score
Exploits0References2
ossf
ossf
added 18 hours ago3 views

Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References2
ossf
ossf
added 4 days ago7 views

Malicious code in antsrcsrctest (npm)

The npm package antsrcsrctest masquerades as a "simple date formatting utility" index.js exports a harmless formatDate function that is never referenced by the malicious code but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a preinstall: node preinstall....

6.1AI score
Exploits0References2
ossf
ossf
added 4 days ago6 views

Malicious code in testis-pack (npm)

The npm package testis-pack presents itself as a small binary packing/checksum utility pack/unpack/checksum/inspect but embeds an obfuscated dropper. It declares a preinstall: node index.js hook. The strings for the C2 host, path and dropped-binary name are not present in plaintext — they are...

6.5AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.2 views

Malicious code in box-react-uix (npm)

The box-react-uix package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'box' internal...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.4 views

Malicious code in @logdna-web/shared (npm)

The @logdna-web/shared package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @logdna-w...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.3 views

Malicious code in @flex-ng/error-component (npm)

The @flex-ng/error-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.3 views

Malicious code in @logdna-web/styles (npm)

The @logdna-web/styles package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @logdna-w...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.3 views

Malicious code in tme-error (npm)

The tme-error package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.1 views

Malicious code in @flex-ng/filter-pipe (npm)

The @flex-ng/filter-pipe package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @flex-n...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.2 views

Malicious code in @idms-corp/auth-ui (npm)

The @idms-corp/auth-ui package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @idms-cor...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/07/06 12:0 a.m.2 views

Malicious code in @flex-ng/header-component (npm)

The @flex-ng/header-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.3 views

Malicious code in enbd-react-lib (npm)

The enbd-react-lib package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enbd' interna...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.3 views

Malicious code in sams-sr-sdk-h5 (npm)

The sams-sr-sdk-h5 package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'sams' internal...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.4 views

Malicious code in enbd-react-logger (npm)

The enbd-react-logger package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enbd'...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.3 views

Malicious code in enbd-react-error-boundry (npm)

The enbd-react-error-boundry package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enb...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.4 views

Malicious code in tme-xca (npm)

The tme-xca package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' Travel Mall /...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/30 8:59 p.m.12 views

Malicious code in @sudoughnym/enviro-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02c1c204d0f458d13d7140f4b7a007d551095665a418e9146037be9a5b2b7957 @sudoughnym/[email protected] ships preinstall.js and postinstall.js lifecycle scripts that run automatically on npm install. Both scripts collect...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/29 3:20 a.m.9 views

Malicious code in rebrandly-domains-digger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...

5.8AI score
Exploits0References2
Rows per page
Query Builder