MAL-2025-47261 Malicious code in @operato/pull-to-refresh (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39c531d69236f30c439fba626f7b50e5ec2e952f4f6f6f933a5ae1603f7494b1 Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in @nativescript-community/ui-pulltorefresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650cf81e4420b496c9854a80da4f8ba77516648b74a4b352e7099c04ecc4f026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...