82358 matches found
Malicious code in nodemon-sudo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffc26c0e85db45d7e314fbce4140e9abda3f2eb0912cf1bd9259572a7b7d8f33 Package nodemon-sudo copies upstream nodemon's identity — package.json reuses Remy Sharp as author, https://nodemon.io as homepage, and...
Malicious code in n8n-nodes-mcputils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa6d921f2167545e1c8e1a4dfa9981a2b9ce2878b1406608d4673aadd00a761b The package poses as an n8n community node for MCP utility helpers but performs unrelated binary-dropper actions. The postinstall lifecycle script ru...
Malicious code in clavue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ffc14d0e15af336ff2709e543272d2386d767fe185b380c5f2c2baeb78c3cbf The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in clavue-agent-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 399c0d2f1fabfa46b35810b70797862a0fd469076fa9496549237ab413ccada2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
Malicious code in promo-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a88c879a569b51180b134bd442917610efba2cfc54aa980cb3ec3b4731e84c No concrete evidence of installer-side harm was identified for this package version. There are no indicators of credential theft, environment scrapin...
Malicious code in @vite-ln/build-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8972bbfdd55ad200dd49b08501d7391beca99841f0c36479806f2b1e329950a2 Package @vite-ln/build-ts copies the legitimate vite package's manifest verbatim description 'Native-ESM powered web dev build tool', author 'Evan...
Malicious code in nam-os-a-man (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...
Malicious code in rony-testing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be1a5728b472335e46d1df74becaf6355424f1f32d068bb517c079d88cacc03c The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo.username, hostname...
Malicious code in na-rony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...
Malicious code in vite-json-pwa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9204782dfa050ba762ce8c8a35c01e9f7b1e8bf82e140854d182f9614080b6 [email protected] impersonates the legitimate vite-plugin-pwa package author metadata claims 'inna voik' while funding/homepage point at the real...
Malicious code in gas-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36241e999d92bad738082bf420fc144391735f9f3707bc4baa0153b4cb0eec8a gas-log impersonates the legitimate eth-gas-reporter package: it reuses that project's README, keywords, badges, and CHANGELOG, and the README even...
Malicious code in wsh4_npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b6c0b02642cf1c4c0fe420fd03c0c129c21a544144878df4833373da1b98aab On npm install, the package's postinstall hook scripts.postinstall: node index.js auto-executes index.js, which builds a payload containing the...
Malicious code in whs4_nmp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...
Malicious code in runtimedev-link (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e049b6382f522be35ebc44b090d56723dacfc2fe15ffa05b345fe46f5aea392a The package presents itself as "Pure Node.js telemetry for RuntimeDev platform" but implements a full remote-access trojan. The runtimedev-link bin,...
Malicious code in polytrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bb6b9a4e70c868e150f06160b187915bcdeb6c9c8f95095af4766dde92f96c5 [email protected] advertises itself as a Polymarket API SDK, but the exported getPlugin function in index.js issues an HTTP request to...
Malicious code in zredis-typed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 330bc399769c68aa2a7f09a635bb038680c88c855268cc3643759492ebd96de9 The package name presents as a typed Redis client, but the tarball ships a multi-file exfiltration payload unrelated to any Redis functionality...
Malicious code in pinokio-redis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2593226767577439cd32d202e0e5e07ef74a6526f9ad7cb42f4bad087d04aa30 The package name presents as a Redis client for Pinokio, but the shipped tarball contains a credential-harvest and data-relay toolkit that has no...
Malicious code in evm-typechain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a78b4d04410e295cbe340c95e6800a0777717d46ce136f0c30b5593d1bd9738 On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK, passes the returned JSON cookie field to new Function'require',..., a...
Malicious code in load-nuxt-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0f879297070c07197ace88cfb411c61d497ad150e39c2c5c91349737f5d83a The package name resembles the legitimate Nuxt ecosystem tooling e.g., @nuxt/load-nuxt, and the version 99.0.3 is a common dependency-confusion /...