71 matches found
Malicious Package
Overview customerdigital-service-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-4236 Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
MAL-2026-4226 Malicious code in tailwindcss-themers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091ab8da12c1de90002f159fc2db723d4c26b0bc66247c3278f4d07e159ae8c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3169 Malicious code in frank-newton3-db-final (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a69c1c519dbe289ed217a75f1a31ace9b850acdb7df6cdadd95ca68f879f1d The package frank-newton3-db-final was found to contain malicious code. Source: ghsa-malware...
Malicious code in @openwebconcept/theme-owc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9da7f58491c9c4715c34da32da8f4a9d1519075412a9be534d19e6e07466e2 The package @openwebconcept/theme-owc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2976 Malicious code in gleb-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1195db21d930574e3f893e03ace1f465579fc9a50f319979b05f57a0a6d8e252 The package gleb-js was found to contain malicious code. Source: ghsa-malware 24151762712a7288d42bf902b1d0d205f13c6f76668490e7043fe846a8fd241f Any...
MAL-2026-2960 Malicious code in apple-auth-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f287635d5bb4ba311de3a315d8b730e159dd7dee46e68896e94f07d1b4d91860 The package apple-auth-internal was found to contain malicious code. Source: ghsa-malware...
Malicious code in @emilgroup/api-documentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58c245a310d05383d1fdf2e98691e5ea42d0505bdab8e27120537609d6bb4acd The package @emilgroup/api-documentation was found to contain malicious code. Source: ghsa-malware...
Malicious code in json-merge-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...
Malicious code in hiagentevilmcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e09d1f143c91999c7fa8d60f7aa4164df3faf284036d40e6b655020c49bdb83 The package hiagentevilmcp was found to contain malicious code. Source: ghsa-malware 209c7d8065878076cf2456b7c62417093a08c273371a3bcc6059b240be5b3223...
Malicious code in @skyzopedia/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2851df7c45fca156556e4b7c5fef4c60ed254a43c4e6e51c6e02d8b5ca5a20 The package @skyzopedia/libsignal-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1016 Malicious code in js-multer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50fbd8b0061a32bc73c0f643e53d0522b03117bda560c40b279b8cdebe5a1100 The package js-multer was found to contain malicious code. Source: ghsa-malware 330a991375f32abf73368d5d321c5a485cd844db42ccaa02388ebe61bc013376 Any...
Malicious code in ncodeauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f00fcaac77b28bc2ce7fd09837de2d46fd48c6bd32d11d39a98e2450d754843f The package ncodeauth was found to contain malicious code. Source: ghsa-malware 844237bb9b9aab92cf332246dacc9675c295acc85e6f914b9b9da957f04f7490 Any...
Malicious code in 1kzr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1191bf170b21e0c9c0b1904f808522aa27e23736bb05c9c16332fd1a97e52332 The package 1kzr was found to contain malicious code. Source: ghsa-malware 715d44ba7af24784970425367d9e909f00a7b64031c3004b2fe93628232ab95c Any...
Malicious code in jsonify-errors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4b6594184587f6475f55e2b97c6f1af77e43da5026cc23d96dec6cfc70c1537 The package jsonify-errors was found to contain malicious code. Source: ghsa-malware 756f389321cc3f827ceaff0d493d6792c81f6b2917bb67890f07c81dc6f64b1d...
Malicious code in @medusajs/analytics-posthog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4bcda5a08e7631f3c8bdbfd1c6a827a23b4a2cadf1ca3ca3a1ae32674df5172 The package @medusajs/analytics-posthog was found to contain malicious code. Source: ghsa-malware...
Malicious code in @strapbuild/react-native-perspective-image-cropper-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e2f74d9d1d21777c83aa98d57c78a19a6161665a8af16c87f380f0d5b8139e The package @strapbuild/react-native-perspective-image-cropper-2 was found to contain malicious code. Source: ghsa-malware...
MAL-2025-48305 Malicious code in tailwind-style-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 405756ca6b244b2da943e5c301d715776df3e507385f429dc2a6cf091a682931 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48046 Malicious code in redirect-4nwrkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe78fd275f2d6de5f5413670b1c4bfae9179f5046ea4a84667876f11670c2c26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tmp-npmsnha (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6b7dcde36d84ee5704ed922a7c1b72873a03638a5f31d9e7a57aa2c7c4d2399 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...