82086 matches found
MAL-2026-4327 Malicious code in ts-relayer-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9f9e2000d1658b2543f1c5cbad624d62c9f64ee71f90282e774cb6222c4d857 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4318 Malicious code in levex-press (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f33c109f544ebe960d2fe2880abba71a8abbbcfc1b8042ca5c5d5d9e6ac6b557 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in flow-parser-oxidized (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 656e2f1d3b8c65b9726bb52918453404799c461b0db5ae89061e6b740aa4862d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview flow-parser-oxidized is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4296 Malicious code in mcp-dashboards-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 720dd8595b499c7de37cf7521350fc060292eeea4742de4d8266a9cd7799152c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4294 Malicious code in flow-parser-oxidized (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 656e2f1d3b8c65b9726bb52918453404799c461b0db5ae89061e6b740aa4862d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chai-as-float (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57fa3a7c5d47c518f43c819b91f8ae0bbdffbcf6fce42a1ebbce89e7d9c29199 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chai-as-buffer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d87a23a90feef04b46f1303ee97b40bb0fe23007381ac6f19e566b038ff83b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4293 Malicious code in chai-as-float (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57fa3a7c5d47c518f43c819b91f8ae0bbdffbcf6fce42a1ebbce89e7d9c29199 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Soroush IM Desktop App 安全漏洞
Soroush IM Desktop App is a cross-platform instant messaging client from Soroush Iran. A security vulnerability exists in Soroush IM Desktop App version 0.17.0, which stems from an authentication bypass that could allow a local attacker to remove passwords by injecting database entries that are...
Malicious Package
Overview workspace-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2026-4299 Malicious code in @gbrlxvii/ts-project-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...
Malicious code in token-usage-tracker (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in node-setup-helpers (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in llm-context-compressor (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in prompt-engineering-toolkit (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in project-init-tools (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4279 Malicious code in model-switch-router (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4284 Malicious code in workspace-config-loader (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4280 Malicious code in node-setup-helpers (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...