81 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
@datalayer/jupyter-react (=0.9.5) potentially affected by CVE-2026-42557 via @jupyterlab/apputils-extension (=4.1.0-beta.0)
@jupyterlab/apputils-extension NPM version =4.1.0-beta.0 is affected by a known vulnerability. The following packages have a transitive dependency on @jupyterlab/apputils-extension and may be impacted: - @datalayer/jupyter-react =0.9.5 Source cves: CVE-2026-42557 Source advisory:...
@unhead/angular (>=3.0.0 <=3.0.0-rc.4), @unhead/react (>=3.0.0 <=3.0.0-rc.4) +4 more potentially affected by unknown CVE via unhead (>=3.0.0-beta.5 <=3.0.0)
unhead NPM version =3.0.0-beta.5, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-rc.4 Source cves: unknown CVE Source advisory: SNYK:JS-UNHEAD-15989796...
Malicious code in @emerald-react/data-table (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e3fa586593204d665de94f83c5ea8f0bf33a55ea4d5a8ae915e8ba32b9ba176 The package @emerald-react/data-table was found to contain malicious code...
MAL-2026-1596 Malicious code in @emerald-react/app-header (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1bef759f7319b0aca58864ce4ec92e4c9b2ac5a5fc166d8c4b5b755e9e2128 The package @emerald-react/app-header was found to contain malicious code...
Malicious code in react-you-might-not-need-an-effect (npm)
The package 'react-you-might-not-need-an-effect' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 serve...
MAL-2026-1528 Malicious code in react-you-might-not-need-an-effect (npm)
The package 'react-you-might-not-need-an-effect' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 serve...
MAL-2026-755 Malicious code in @jes4l/react-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbda4aa24c8a13be0d237b206780fc2feb5778e65cebf430e2124e49a390cdde The package @jes4l/react-pkg was found to contain malicious code. Source: ghsa-malware 2bd5520cca8e57269ded7f69993dc5257f9085a6706d01d7bc60b17ec80534...
Malicious code in @jes4l/react-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbda4aa24c8a13be0d237b206780fc2feb5778e65cebf430e2124e49a390cdde The package @jes4l/react-pkg was found to contain malicious code. Source: ghsa-malware 2bd5520cca8e57269ded7f69993dc5257f9085a6706d01d7bc60b17ec80534...
Malicious Package
Overview: wac-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in @spx-delivery/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b03f32e2859ef16f71897fc985589e436c704979df087b57bb61fedb63e89c51 The package @spx-delivery/react was found to contain malicious code. Source: ghsa-malware...
Malicious code in chakra-ui-2--react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05221f163f14d551b861ff7d6ac6ea0d6c946d288b5d74ef14de5e10f6d6b43d The package chakra-ui-2--react was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-mandes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8242aeb2b6b10985e7b4c0a35cb731d81095b7f039aea2886d0c4c35ffa5d9ea The package react-mandes was found to contain malicious code...
EUVD-2025-199108
Malicious code in react-data-to-export npm...
@zapier/ai-actions-react (>=0.0.1 <=0.1.11) potentially affected by unknown CVE via @zapier/ai-actions (>=0.0.1 <=0.1.11)
@zapier/ai-actions NPM version =0.0.1, =0.0.1, =0.1.11 Source cves: unknown CVE Source advisory: SNYK:JS-ZAPIERAIACTIONS-14103233...
MAL-2025-189520 Malicious code in sirius-react-bootstrap-ignite-pegasus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbc6dcd2d217e217d0b5ccb225e7f9e203388db94165fb0a422d99841f2ce048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
@ai-sdk/angular (>=1.1.0-beta.0 <=1.1.0-beta.28), @ai-sdk/langchain (>=1.1.0-beta.0 <=1.1.0-beta.28) +5 more potentially affected by CVE-2025-48985 via ai (>=5.1.0-beta.0 <=5.1.0-beta.8)
ai NPM version =5.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =2.1.0-beta.0, =1.1.0-beta.0, =3.1.0-beta.0, =2.1.0-beta.0, =2.1.0-beta.28 Source cves: CVE-2025-48985 Source advisory: SNYK:JS-AI-13863465...
MAL-2025-49057 Malicious code in twilio-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20ffcb178cf9c4a8cc2e9e550a170ff42fa42a341a71eb80330990ce0fc4fe3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: ts-react-important-stuff is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in ts-react-important-stuff (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f663ee64d0eec8043b09ffac22066bd7622e149084a6cb99f128fe1f0ee245e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...