264 matches found

OSSF Malicious Packages
added 2026/02/25 5:19 a.m. | 4 views

Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

AI score: 5.8 | Exploits: 0 | References: 1

OSV
added 2026/02/25 5:19 a.m. | 5 views

MAL-2026-1231 Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

AI score: 5.8 | Exploits: 0 | References: 1

The Hacker News
added 2025/11/24 1:3 p.m. | 4 views

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido,...

AI score: 7.5 | Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in tehryanx-preinstall-script (npm)

The package tehryanx-preinstall-script was found to contain malicious code...

AI score: 7 | Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-34658 Malicious code in tehryanx-preinstall-script (npm)

The package tehryanx-preinstall-script was found to contain malicious code...

AI score: 7.2 | Exploits: 0

Snyk
added 2025/07/20 9:0 p.m. | 4 views

Embedded Malicious Package

Overview @toptal/picasso-utils is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

CVSS: 9.8 | AI score: 7.4 | Exploits: 0 | References: 2

Snyk
added 2025/07/20 9:0 p.m. | 1 views

Embedded Malicious Package

Overview @toptal/picasso-typography is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

CVSS: 9.8 | AI score: 7.4 | Exploits: 0 | References: 2

Snyk
added 2025/07/20 9:0 p.m. | 2 views

Embedded Malicious Package

Overview @toptal/picasso-forms is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

CVSS: 9.8 | AI score: 7.4 | Exploits: 0 | References: 2

Snyk
added 2025/07/20 9:0 p.m. | 5 views

Embedded Malicious Package

Overview @toptal/picasso-tailwind is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

CVSS: 9.8 | AI score: 7.4 | Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/06/28 5:39 a.m. | 3 views

Malicious code in natel-plotly-panel (npm)

The package contains suspicious preinstall, preupdate, and test scripts in package.json that download and execute code from a remote server oastify.com. This allows for arbitrary code execution and exfiltration of sensitive information (username, path, hostname) during installation, update, and...

AI score: 8.1 | Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/06/25 3:46 a.m. | 4 views

Malicious code in aog-checker (npm)

Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...

AI score: 7.1 | Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/06/16 10:44 a.m. | 3 views

Malicious code in eslint-plugin-panel-ops (npm)

Malware: Executes code on install, exfiltrates data via DNS to a suspicious domain. Contains a preinstall script and phone-home behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc1ea7508e63005e73356cfdb457f0050ebb7ae1f04cb319592c30a140c4e2f2 Any computer th...

AI score: 7.3 | Exploits: 0 | References: 5

OSSF Malicious Packages
added 2025/02/23 5:39 a.m. | 4 views

Malicious code in zztest82 (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 632d9a2711114ce930c19d98e24aab1daa8d6d2a81f71ef0025260b16442acec Any computer that has this package install...

AI score: 7 | Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/02/23 5:39 a.m. | 3 views

Malicious code in zztest890 (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f0bfcc0f336c7ee2a414f1d146dc59634be795c3a17855e4f9f62d26c58958e Any computer that has this package install...

AI score: 7 | Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/02/23 5:24 a.m. | 3 views

Malicious code in yxt-factor (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=-...

AI score: 7 | Exploits: 0

OSSF Malicious Packages
added 2025/02/23 5:16 a.m. | 3 views

Malicious code in testing098765 (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain...

AI score: 7 | Exploits: 0

OSSF Malicious Packages
added 2025/02/23 5:1 a.m. | 3 views

Malicious code in archon6 (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9926eff92492428efb3018691093b936b8924920a886240875a09cec72235ead Any computer that has this package install...

AI score: 7 | Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/02/23 5:1 a.m. | 3 views

Malicious code in my-archon (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c7bbe8cfdc04ced4b0dff759d1be7c1edfc86383d562400758b12247002608f Any computer that has this package install...

AI score: 7 | Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/02/23 5:1 a.m. | 3 views

Malicious code in dracoon (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain...

AI score: 7 | Exploits: 0

OSSF Malicious Packages
added 2025/02/23 4:37 a.m. | 3 views

Malicious code in bm_pinterest (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db53ad3a5da691f044a5de461b6045524d00aa3877c21a780694c922ede4c76a Any computer that has this package install...

AI score: 7 | Exploits: 0 | References: 1