MAL-2026-5244 Malicious code in discord-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in ml-toolkit-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in @draftauth/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3573 Malicious code in @uipath/rpa-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27baf6f8e722fd9803bff5f0d455ae5867fcf87135864df02a6f269cccf659fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/packager-tool-case (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3556 Malicious code in @uipath/orchestrator-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d967b0f36daf789de288eb36c97c6ab5c9de25bad34a8d4866954e495d7303dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/integrationservice-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3ff8598d48c12ca9fe162be025bd370560d125c36c4e5dfebfbb09bccfda3f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-191366 Malicious code in @voiceflow/prettier-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d559f73440d8fdf3f6f155244ce54b5d8d829700d5780778a26f0ac94fb5b59e The package @voiceflow/prettier-config was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191228 Malicious code in @huntersofbook/auth-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974ee7f388d04b8f3f79de89e780575aab1d7ed2ea4d7ea1a52420d81911f993 The package @huntersofbook/auth-vue was found to contain malicious code. Source: google-open-source-security...

MAL-2025-191295 Malicious code in @posthog/lemon-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bba1e7fb74f376bd3b56d7c910331af7b46fa8c392e697e08f858b837112e061 The package @posthog/lemon-ui was found to contain malicious code. Source: google-open-source-security...

MAL-2025-191281 Malicious code in @oku-ui/tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a877d67aa9ecc5ce75cbb742bfc5ec14376ac9423b13080e69cda80ce1f536e1 The package @oku-ui/tooltip was found to contain malicious code. Source: google-open-source-security...

Malicious code in @voiceflow/nestjs-timeout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13d9067ab95136128bf92e8d28b434d340ae4fd7cd2c8e06f3378c71c3f6f2b1 The package @voiceflow/nestjs-timeout was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191233 Malicious code in @huntersofbook/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 864ad7e5ee11e8337962d5e5ae089ecddbc48e77c50611aadbdab9feb097edfd The package @huntersofbook/ui was found to contain malicious code. Source: google-open-source-security...

MAL-2025-191211 Malicious code in @dev-blinq/blinqioclient (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a1d417e283165e25dc75c9510f4bcdde80854ca5600090b4de220548e72ae1 The package @dev-blinq/blinqioclient was found to contain malicious code. Source: google-open-source-security...

Malicious code in @voiceflow/nestjs-mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2004e6b1248a0973eb52ceacef7b58dbf4de7c31813ea2b67f07e2788ad3205e The package @voiceflow/nestjs-mongodb was found to contain malicious code. Source: ghsa-malware...

Malicious code in quickswap-v2-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4313e2b3fbb458efed74babcd2a8ec50374c189c7e41f82e4e8c2121350a962e The package quickswap-v2-sdk was found to contain malicious code. Source: ghsa-malware 3166b60c9fe686ac7370d58396dbbfa253204d33049707ea4799b075e6d00b...

Malicious code in quickswap-token-lists (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0934c2b16a82e9886cc6939348bffcb3b75d536fceac933cf1f38bbf9ffdbd05 The package quickswap-token-lists was found to contain malicious code. Source: ghsa-malware...

Malicious code in uniswap-router-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00e3a687837fce5a55d7b2865a9f5f4c2d0e652b52e49dfd86f76a6243ccd2b0 The package uniswap-router-sdk was found to contain malicious code. Source: ghsa-malware...

Malicious code in @sme-ui/aoma-vevasound-metadata-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ced8f74d8984f217db135b6a331c5aeee6463823f29d90c9e15fa6473aa8fd3 The package @sme-ui/aoma-vevasound-metadata-lib was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191040 Malicious code in @oku-ui/motion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e93c9480f3e0eb944aabc540b3632ec18584ccd90aa5a041c10a5f5b7b2a37a The package @oku-ui/motion was found to contain malicious code. Source: ghsa-malware 8b014f6399b1aca00d79587642fc63ab15d16cb1a2ab7f0bd541da45664d891a...