51 matches found

OSV
added 2026/06/09 6:3 p.m. | 10 views

MAL-2026-5461 Malicious code in fhirproxy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405cf847121f4bfed32bc5679a40b64c1338b142af75823ef9583944a7ae7b5a On npm install via the prepare lifecycle hook and many other lifecycle aliases and on require, index.js performs broad reconnaissance and exfiltratio...

5.5 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/06/09 4:55 p.m. | 11 views

Malicious code in tao-subnet-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad Package advertises itself as a Bittensor TAO subnet burn-rate Telegram alert tool, but the compiled extension...

5.5 AI score
Exploits 0 | References 2
OSV
added 2026/06/09 4:9 p.m. | 6 views

MAL-2026-5387 Malicious code in @0xlr/sentry-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cda998358d5cfe20dc0c060f7e212e44ee41e6f369f42c15badbfdd7b796744 On npm install, this package automatically executes postinstall.js, which enumerates the entire process.env every environment variable, including CI...

5.5 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/06/08 6:25 p.m. | 8 views

Malicious code in bittensor-burn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f546bfd362dae8aed49775bf13961c3540c29ef6fa54f484bf57e978d775be The package markets itself as a Bittensor burn-rate monitor but ships a compiled native module bittensorburnwatch/core.cpython-.so that reads the...

5.7 AI score
Exploits 0 | References 2
OSV
added 2026/06/08 6:25 p.m. | 7 views

MAL-2026-5331 Malicious code in bittensor-burn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f546bfd362dae8aed49775bf13961c3540c29ef6fa54f484bf57e978d775be The package markets itself as a Bittensor burn-rate monitor but ships a compiled native module bittensorburnwatch/core.cpython-.so that reads the...

5.7 AI score
Exploits 0 | References 2
OSV
added 2026/06/08 3:33 p.m. | 12 views

MAL-2026-5330 Malicious code in bittensor-burn-alert (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e89dc9ff0a5d334b67a01c572c036b0740adf6d8669d2fa25c241a0c098116 The package advertises itself as a Bittensor subnet burn-rate monitor but bundles a covert clipboard surveillance daemon in its compiled core module...

5.7 AI score
Exploits 0 | References 3
OSSF Malicious Packages
added 2026/06/08 10:41 a.m. | 7 views

Malicious code in bt-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94719a61950dd5cacc26b288c1fe8ef0d12f0e93720b4f1aa98cdf84ff148f0d Package advertises Bittensor subnet burn-rate monitoring but the compiled core module's own docstring describes itself as a 'clipboard logger +...

5.5 AI score
Exploits 0 | References 2
OSSF Malicious Packages
added 2026/06/07 10:42 a.m. | 16 views

Malicious code in bittensor-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5 Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAMBOTTOKEN and TELEGRAMCHATID in...

5.7 AI score
Exploits 0 | References 4
OSV
added 2026/06/07 10:42 a.m. | 12 views

MAL-2026-5292 Malicious code in bittensor-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5 Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAMBOTTOKEN and TELEGRAMCHATID in...

5.7 AI score
Exploits 0 | References 4
Snyk
added 2026/05/31 9:0 p.m. | 4 views

Malicious Package

Overview @cloudplatform-single-spa/svp-managed-kubernetes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8 CVSS | 5.9 AI score
Exploits 0 | References 2
Snyk
added 2026/05/31 9:0 p.m. | 5 views

Malicious Package

Overview @cloudplatform-single-spa/installations is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

9.8 CVSS | 5.9 AI score
Exploits 0 | References 2
OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 9 views

Malicious code in @cloudplatform-single-spa/agreements (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0 | References 1
OSV
added 2026/05/28 12:0 a.m. | 6 views

MAL-2026-4866 Malicious code in @car-loans/deal (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

5.8 AI score
Exploits 0 | References 1
OSV
added 2026/05/26 1:1 a.m. | 6 views

MAL-2026-4717 Malicious code in weavedb-console (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...

6 AI score
Exploits 0 | References 3
OSV
added 2026/05/24 2:47 a.m. | 7 views

MAL-2026-4599 Malicious code in license-checker-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66ac93280c5fc72f65d15486a69369e4d2c2b289fa6f062a6643b63137fc6aa9 Package name mimics the widely-used license-checker while shipping an undocumented lib/compliance.js module that harvests credentials. The module sca...

5.8 AI score
Exploits 0 | References 2
OSV
added 2026/05/14 7:25 p.m. | 6 views

MAL-2026-3764 Malicious code in glob-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 091b8ee02b80a8a3fda11c15a6d0b8f657b639100244a4398d046ded5854eb64 [email protected] is a malicious typosquat with no legitimate functionality. Its index.js is a stub; package.json declares scripts.postinstall: node...

5.8 AI score
Exploits 0 | References 7
OSSF Malicious Packages
added 2026/05/14 7:24 p.m. | 11 views

Malicious code in dotenvv-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...

5.8 AI score
Exploits 0 | References 5
OSV
added 2026/05/14 7:24 p.m. | 6 views

MAL-2026-3758 Malicious code in dotenvv-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...

5.8 AI score
Exploits 0 | References 5
OSSF Malicious Packages
added 2026/05/01 11:13 a.m. | 6 views

Malicious code in graphicsctxr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 10408decaf8cace14b8124fa392ee96996c3c91358cb454cbfcd45790d18cdf9 Package contains code to exfiltrate .env to a remote target. Prior to version 2.1.1, it also created a persistent backdoor via embedding a hardcoded SSH key...

5.9 AI score
Exploits 0 | References 4
OSV
added 2026/05/01 11:13 a.m. | 3 views

MAL-2026-3210 Malicious code in graphicsctxr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 10408decaf8cace14b8124fa392ee96996c3c91358cb454cbfcd45790d18cdf9 Package contains code to exfiltrate .env to a remote target. Prior to version 2.1.1, it also created a persistent backdoor via embedding a hardcoded SSH key...

5.9 AI score
Exploits 0 | References 4