4 matches found
Malicious code in @sudoughnym/enviro-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02c1c204d0f458d13d7140f4b7a007d551095665a418e9146037be9a5b2b7957 @sudoughnym/[email protected] ships preinstall.js and postinstall.js lifecycle scripts that run automatically on npm install. Both scripts collect...
Malicious code in @webda-infra/search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3966598d25bae6a0824df09461ccbea8ad8ff22be2b3b93eab681cc733ff73 @webda-infra/[email protected] is a near-empty placeholder index.js is empty, module.exports = whose package.json declares a single dependency, ltidisafe...
Malicious code in @lux2/ssr-catalogue-sfcc (npm)
Package collects system info, exfiltrates data to a suspicious IP, executes shell commands, and uses pre/postinstall scripts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625e0932d70166d526fb8fa4993c8c448699203e795ad308cfe52cd784b28ff The package...
MAL-2026-1384 Malicious code in @lux2/ssr-catalogue-sfcc (npm)
Package collects system info, exfiltrates data to a suspicious IP, executes shell commands, and uses pre/postinstall scripts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625e0932d70166d526fb8fa4993c8c448699203e795ad308cfe52cd784b28ff The package...