16 matches found
Malicious code in @tailwind-ts/eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...
Malicious code in animatecss-postcss-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...
Malicious code in chain-chai-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...
Malicious code in chalk-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac66dfb6013c32d34c6ce83bdba4628b67539e81df27fe18dcf71d3de05ff8ce Package is published as 'chalk-pro' homepage chalk-pro.com but its main entry is a verbatim copy of nodemailer's API — a typosquat impersonating both...
Malicious code in fastify-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cb91c825be697244f8ff069bb56e79aff3b90de7b9947019095b6d0fa2fd270 fastify-addon is a typosquat of the legitimate fastify-plugin package. Its package.json sets repository, bugs, and homepage to...
Malicious code in webpack-cache-clean (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9 On npm install, the package runs a postinstall hook node -e "require'./loader.js'" that spawns a detached child process. The child decodes an...
MAL-2026-5578 Malicious code in webpack-cache-clean (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9 On npm install, the package runs a postinstall hook node -e "require'./loader.js'" that spawns a detached child process. The child decodes an...
Malicious code in wm-idp-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2acf2a0d94ec1d2bada80f3251f5ecbea64d78ffadcab2b997b9708c2ae71cd package.json declares "node-fetch": "https://registry.ctzbg.com/wm-idp-sdk/node-fetch" — a direct HTTPS tarball URL hosted on a domain...
Malicious code in midpatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe668e556f4b46fce125c318ebc3bea93185c78ec36c19f8991bbcb36172a62b The package advertises a logger middleware keywords fast/logger/stream/json, exports module.exports.pino = middleware, file.js wraps a ./pino module ...
Malicious code in oh-langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83b229927c5bc228764ab11651b10bd06c6ff61edffa820a632c343aeec13037 The package configures Langfuse tracing for Claude Code, Codex, and OpenCode. When the operator runs the bundled CLI without explicitly overriding...
Malicious code in git-userhub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 859f77ac10aa89722823e0477f8f6986db2b54dd25b1b2aedb05ee31d5891071 Package name 'git-userhub' is a lookalike of a GitHub-related identity, with no legitimate publisher backing. The package.json declares a postinstall...
Malicious code in vite-json-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7c9683fed8b8696938eb7ad88e158f70a075851b0dd511af991ecd69a4d0fd The package presents itself as a vite/tsconfig path helper and clones the public API of tsconfig-paths createMatchPath, matchFromAbsolutePaths,...
MAL-2026-4705 Malicious code in vite-json-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7c9683fed8b8696938eb7ad88e158f70a075851b0dd511af991ecd69a4d0fd The package presents itself as a vite/tsconfig path helper and clones the public API of tsconfig-paths createMatchPath, matchFromAbsolutePaths,...
Malicious code in get-deps-path (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...
Malicious code in crypto-hash-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 208571de648a5ef9d7b4ae7b6f83151d9c2272f75fc16b42faa75a352ded2e08 Package name and metadata impersonate Sindre Sorhus's legitimate crypto-hash package forged author Sindre Sorhus and repository...
MAL-2026-3775 Malicious code in tsliverhome (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0855b4d02a0d276e8a6cf97b7c62d457b8ef4d851e243d758c2308d451e0876e Package name 'tsliverhome' impersonates the widely-used 'tslib' package 300M weekly downloads. The shipped README.md is a verbatim copy of...