17395 matches found
Malicious code in some-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97420170b95f54c404226b47901bbd45ec03ed0a427369b50add75297a2dcb80 Package [email protected] was scanned across 2 files with no a static rule matches and no behavioral findings. No install-time lifecycle execution, n...
Malicious code in shopify-internel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...
Malicious code in tx-guard-snap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fce7ebfc771355b732949df26e92e2ec8a80c0de7cda46bcb865687c33d572ff tx-guard-snap advertises itself as a real-time transaction security analysis MetaMask Snap but performs no analysis. Its onTransaction handler...
Malicious code in chai-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9192d163b3814064c95a23cb11e218732346628f3109517aab7697c2dcb6d016 On require, index.js spawns a detached background node process that runs lib/initializeCaller.js. That module axios.gets a base64-obfuscated URL...
Malicious code in jsf-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6a2a0bbd4939a789673bdca08866c9be58dd361df175695e7f8c1141bed4e47 On require'jsf-utils', lib/string/pathcase.js runs a top-level async IIFE that fetches a JavaScript payload from https://jsonkeeper.com/b/BPB86 and...
Malicious code in typescript-base58 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b860a9c4960f55c236ca5e14781f5dcfb60752d4367cb9aeb30762d3b023004e [email protected] is a one-line re-export of the 'base58-core' package. The README advertises 'Zero dependencies' while package.json declares a...
Malicious code in base58-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a7d188e2cd79918987f2008e93bb80ea9979d791b357f8f7cfd892321ded6c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in solana-address-codec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...
Malicious code in @sqlite-access/nodesql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5454044dfacdd12da8025ba7a7c73260f16c64b29dbd25ebda52af4d03e8450c The package presents a three-way identity mismatch: the scoped name @sqlite-access/nodesql implies a SQL-access library, the README markets a...
Malicious code in mcp-server-pg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d68bdfced357622e33e4608bd35ded4d8988ea6dc7da073b3a83075978815d On npm install, scripts/postinstall.js unconditionally reads a range of installer-owned identity and configuration files and POSTs a JSON payload to ...
Malicious code in chai-spycore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...
Malicious code in express-deflect (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284d3f4c5f55f69391b1172ba9d2c714e3ae358a2c92a501049a1495547e1588 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in xnder-sdk-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aeeac149a5afa4797eea935b2a54b66fcf2cfd939fce855655208245ba9e5a7 The package's index.js is heavily obfuscated string-array shift/rotate pattern with hex-encoded indices and a while!! decoder loop. Obfuscation of th...
Malicious code in windrule-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...
Malicious code in txs-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74154a8e4e769872929446eb17b4dc59a1b491508c7bd05e55d1cdb232ecf2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in ts-eslinter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56fe794783cf855aba4980f7186b85866fd3048cbb97803fe8c575192cb30d44 Package name resembles common ESLint/TypeScript tooling and the main entry index.js contains base64 decoding via Buffer.from...,...
Malicious code in competion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7977f7cd8dcf35f17c8745de465b35f920055be22dbb883dda7abf2e978ef0e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in color-cli-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43d15f0d189a3dff03fe5549073cad30c2c0d648e6b1b12d1385689c84c6888c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tracing-str (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in stacknova (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eea780e4546d725f38c35c635625e60354e7f48a79c1fcbe76f87e2498d9ce4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...