Malicious code in ignore-html-and-css-imports (npm)

The package 'ignore-html-and-css-imports' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-charcodes (npm)

The package 'transform-charcodes' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in pear-wrk-wdk (npm)

The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in syntax-function-bind (npm)

The package 'syntax-function-bind' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in typescript-validation-schema (npm)

The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1561 Malicious code in transform-es2015-duplicate-keys (npm)

The package 'transform-es2015-duplicate-keys' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1575 Malicious code in transform-typescript (npm)

The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1505 Malicious code in transform-jscript (npm)

The package 'transform-jscript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1514 Malicious code in declaration-block-no-ignored-properties (npm)

The package 'declaration-block-no-ignored-properties' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...

MAL-2026-1559 Malicious code in transform-charcodes (npm)

The package 'transform-charcodes' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1547 Malicious code in pear-wrk-wdk (npm)

The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

MAL-2026-1562 Malicious code in transform-es2015-parameters (npm)

The package 'transform-es2015-parameters' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1545 Malicious code in dazaar-cli (npm)

The package 'dazaar-cli' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

CVE-2026-31886

CVE-2026-31886 affects Dagu (workflow engine) prior to 2.2.4. The dagRunId parameter used by inline DAG execution endpoints is passed into filepath.Join without validation, allowing a directory traversal (e.g., ".."). Go’s Join resolves such paths to system temp directories (like /tmp), and a def...

Malicious code in tailwind-mainanimation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64236873269f6da90599a0e0136ce22979e4bbfd8103cf4850e42c1179ae6cb5 The package tailwind-mainanimation was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1418 Malicious code in tailwind-mainanimation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64236873269f6da90599a0e0136ce22979e4bbfd8103cf4850e42c1179ae6cb5 The package tailwind-mainanimation was found to contain malicious code. Source: ghsa-malware...

Malicious code in tailwindcss-style-modify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b0ae66880918a2da3f10a1be7386982be7c7ff76855cf9f401733b92436e1d3 The package tailwindcss-style-modify was found to contain malicious code. Source: ghsa-malware...

Malicious code in twitch-security (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f99261d9b844b178048388c92a488b23fa3bf806bbedbcc40108cb97f0b7087 The package twitch-security was found to contain malicious code. Source: ghsa-malware f46d2713d7df72180db5cb77dcd0cefbbffa8baa5a245e376ab250a84d29fc2...

MAL-2026-1416 Malicious code in twitch-security (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f99261d9b844b178048388c92a488b23fa3bf806bbedbcc40108cb97f0b7087 The package twitch-security was found to contain malicious code. Source: ghsa-malware f46d2713d7df72180db5cb77dcd0cefbbffa8baa5a245e376ab250a84d29fc2...

Malicious code in pulsard-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5088b269cb089b9b077cf5a13f9b00cbb8d01375276ce1e2f1c99fc7154a46be The package pulsard-utils was found to contain malicious code. Source: ghsa-malware ff1030d82dfca7d7403806e0bd8ba645d25cddd141cb5480664a6555f2d441d7...