MAL-2025-191003 Malicious code in react-native-phone-call (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e134ec88971e1ecadce79d1699bde00b798633b1ef9a0f6ebb2dbf67a51cdf5 The package react-native-phone-call was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-retriable-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a3d5e2b867c8c149b9f1a79751ad5cfa9699fe24ec38d49770f9f80a37b3aa The package react-native-retriable-fetch was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199039

Malicious code in react-native-retriable-fetch npm...

MAL-2025-191004 Malicious code in react-native-retriable-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a3d5e2b867c8c149b9f1a79751ad5cfa9699fe24ec38d49770f9f80a37b3aa The package react-native-retriable-fetch was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191005 Malicious code in react-native-view-finder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a61e7a0f7e8f74f89c9dddee6548199270ab45dd47056248e1467bfecca1e4 The package react-native-view-finder was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-view-finder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a61e7a0f7e8f74f89c9dddee6548199270ab45dd47056248e1467bfecca1e4 The package react-native-view-finder was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199038

Malicious code in react-native-view-finder npm...

Malicious code in react-native-websocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48d8c015af60bd1c1cbe48b9005dbbde091d8abc3763d25544d978b8b133094 The package react-native-websocket was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191006 Malicious code in react-native-websocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48d8c015af60bd1c1cbe48b9005dbbde091d8abc3763d25544d978b8b133094 The package react-native-websocket was found to contain malicious code. Source: ghsa-malware...

@digifox/providers (=5.0.3), @wowpay/react-native-sdk (>=1.0.3 <=1.0.21) +3 more potentially affected by unknown CVE via react-native-websocket (=1.0.2)

react-native-websocket NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-websocket and may be impacted: - @digifox/providers =5.0.3 - @wowpay/react-native-sdk =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE...

EUVD-2025-199037

Malicious code in react-native-websocket npm...

EUVD-2025-199036

Malicious code in react-qr-image npm...

MAL-2025-191007 Malicious code in react-qr-image (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0000767e8d42376cf8a198fa59803da5acb13d0317314fcb57902d5d373f035 The package react-qr-image was found to contain malicious code. Source: ghsa-malware 72459a160e75d16a5a10d9805d6c558aabb61428411359b97050ebf70be1270f...

Malicious code in react-qr-image (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0000767e8d42376cf8a198fa59803da5acb13d0317314fcb57902d5d373f035 The package react-qr-image was found to contain malicious code. Source: ghsa-malware 72459a160e75d16a5a10d9805d6c558aabb61428411359b97050ebf70be1270f...

axios-basic-logger (=1.0.0), react-micromodal.js (=1.0.0) potentially affected by unknown CVE via pico-uid (=1.0.2)

pico-uid NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on pico-uid and may be impacted: - axios-basic-logger =1.0.0 - react-micromodal.js =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190986...

react-dontgo (>=1.0.1 <=1.0.5) potentially affected by unknown CVE via dont-go (=1.1.1)

dont-go NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on dont-go and may be impacted: - react-dontgo =1.0.1, =1.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190957...

fusiongrid (>=1.0.0 <=1.3.2), react-fusiongrid (>=0.1.0 <=1.1.1) +1 more potentially affected by unknown CVE via svelte-autocomplete-select (=1.1.0)

svelte-autocomplete-select NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on svelte-autocomplete-select and may be impacted: - fusiongrid =1.0.0, =0.1.0, =1.1.0, =1.1.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191016...

@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)

tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191023...

@everreal/react-charts (>=1.0.0 <=1.0.1-ff20697), @everreal/web-analytics (>=0.0.3 <=0.0.12) +1 more potentially affected by unknown CVE via undefsafe-typed (=1.0.2)

undefsafe-typed NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on undefsafe-typed and may be impacted: - @everreal/react-charts =1.0.0, =0.0.3, =1.1.17, =1.2.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190937...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...