Malicious code in ecto-spectral-leak-8d4e2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...

Malicious code in @ngt-frontend/widgets-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea73e01bd9fd14de80da7385a457c47d65d0af138480a99f91556880fabf9d3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5111 Malicious code in @redhat-cloud-services/chrome (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in foundry-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/set_initial_loaded (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4283 Malicious code in token-usage-tracker (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

MAL-2026-3799 Malicious code in dowload_ebok_the_testament_of_solomon_by_king_solomon_frederick_cornwallis_conybeare_5201c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33d6c492e4871ad2384480820ba9bbefb5a987a0675139c6358cc58e645fd95 The package dowloadebokthetestamentofsolomonbykingsolomonfrederickcornwallisconybeare5201c was found to contain malicious code. Source: ghsa-malware...

Malicious code in tailwind-text-fill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe1d70f1253bacbb57d827b49a08cede06a039323a86af19cebaa08cefe2cbdd The package tailwind-text-fill was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2950 Malicious code in tailwind-text-fill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe1d70f1253bacbb57d827b49a08cede06a039323a86af19cebaa08cefe2cbdd The package tailwind-text-fill was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2935 Malicious code in @tushar-br/desktop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25eb4a54e706177aecf51b4124524e6e7d0534b02d9b8e6970169a9df8189ef The package @tushar-br/desktop was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2650 Malicious code in one-sdui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ae9d1e61120df70064f163b6e30ced15f3ec724fb27cbc92b9ac1b8d1cd4c02 The package one-sdui was found to contain malicious code. Source: ghsa-malware 3e8ccc46dbdf8114e190c849d6db29184468de377c64467c88e3e33398d54018 Any...

Malicious code in testtestsharp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76d90d4c0413d045792eb3caf31ab7aa89d88854a891b2327107997b39eef91 The package testtestsharp was found to contain malicious code. Source: ghsa-malware a60a14bbd40854d1657cc0976cb3cd48a5cf74e75ed0be4db3d263ccbb782392...

MAL-2026-2125 Malicious code in customerdigital-ui-components-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a8c957edf16da956a7859c7a0e1d8accbe84824b88f1f19f70a01acd07b729 The package customerdigital-ui-components-lib was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2101 Malicious code in sidebar-basket (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd1b121a57bf0b4d96e4f902f6d051ff5b485ab7fc412f8940ce2c294ddb660 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-2059 Malicious code in @emilgroup/setting-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7001495cf0c7d9cbe60f2b406b90b4fc34d7a8fc8477c45780cefddf26e28b The package @emilgroup/setting-sdk-node was found to contain malicious code. Source: ghsa-malware...

Malicious code in @emilgroup/claim-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86e7c53acc9840bac58a8ff7aca0a0d40a03ab2a8ac73dd55d0314373528800 The package @emilgroup/claim-sdk was found to contain malicious code. Source: ghsa-malware...

Malicious code in libsignal-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...

MAL-2026-1046 Malicious code in jest-param-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92f5050070ee0637ff34403bfa22fe7464561a421a99410e084c74e1bd023b08 The package jest-param-validator was found to contain malicious code. Source: ghsa-malware...

Malicious code in contosoapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f1c09ad3c513e077cb24b54846b698e241643d6da17abdd97bf340d6c574eec The package contosoapp was found to contain malicious code. Source: ghsa-malware 71f7d3632ccf62f3b5b7098862038118adec5bb42ab6a16b36c0c384eaf4d582 Any...

Malicious code in osopackage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f944909c442d3ce5de69ca15e63f1dc9aac8408cd2d3875794fde6ac0c4efd The package osopackage was found to contain malicious code. Source: ghsa-malware ea6582943b363713bda63ec879242935fe1a5f5efa7be40fbb87173570f642a0 Any...