Malicious code in emojifancy-print (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a0b34b08697e7c8c67b8111ab442ec2d1168f0981b4680fc327a40ba370d79 The package advertises itself as a colorized logger but ships a backdoor in dist/logger.js that fires automatically when the module is loaded. At...

Malicious code in tailwind-typography-stylecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 273b99f5721643d8ba8335fd73b46b4b32f81406d73f44e7a16552e16b8becd6 Package name 'tailwind-typography-stylecss' impersonates the official '@tailwindcss/typography' plugin; the shipped README is a verbatim copy of the...

MAL-2026-4681 Malicious code in tailwind-typography-stylecss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 273b99f5721643d8ba8335fd73b46b4b32f81406d73f44e7a16552e16b8becd6 Package name 'tailwind-typography-stylecss' impersonates the official '@tailwindcss/typography' plugin; the shipped README is a verbatim copy of the...

Malicious code in tailwind-style-typography (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0818530f40672586168012538662486135f040526d0e4377f362b6bfe2f61bd2 The package name impersonates the official @tailwindcss/typography plugin and replicates its README and source verbatim including links to...

MAL-2026-4680 Malicious code in tailwind-style-typography (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0818530f40672586168012538662486135f040526d0e4377f362b6bfe2f61bd2 The package name impersonates the official @tailwindcss/typography plugin and replicates its README and source verbatim including links to...

MAL-2026-4610 Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...

MAL-2026-4393 Malicious code in @hanssoft/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. O...

Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00 The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package...

MAL-2026-4448 Malicious code in @tailwind-core/oxide-linux-x64-gnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a107a0746f2f5159d661e4d332eac53f871b9d22f80caf5863bdd713e252ae00 The package name '@tailwind-core/oxide-linux-x64-gnu' impersonates the legitimate Tailwind CSS v4 oxide engine package...

MAL-2026-4499 Malicious code in bolt-delivery-menu-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...

GO-2026-4965 Nuclei: Local File Read via require() Module Loader Bypass in github.com/projectdiscovery/nuclei

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...

MAL-2026-4569 Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

MAL-2026-4662 Malicious code in rendezvous-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4 On npm install scripts.install runs node index.js and on require'rendezvous-js', lib/core.js collects os.userInfo.username, os.hostname, and the...

Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

MAL-2026-4736 Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

Malicious code in @weirdorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28e2fe6ac03c8e426aeb69f62bf0b2bd4dfdb06a5acee273bb5967186c5504d @weirdorg/config impersonates the widely-used config node-config package, copying its README verbatim including the require'config' usage example. Th...

MAL-2026-4466 Malicious code in @weirdorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28e2fe6ac03c8e426aeb69f62bf0b2bd4dfdb06a5acee273bb5967186c5504d @weirdorg/config impersonates the widely-used config node-config package, copying its README verbatim including the require'config' usage example. Th...

MAL-2026-4506 Malicious code in cb-wallet-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d076ee3d487c7c10f785494c4391e39eb327b696224d5653746144fa5ac8d37 Package name 'cb-wallet-data' targets a presumed Coinbase-internal namespace and is published by an unaffiliated party. Both postinstall.js npm insta...

Malicious code in jsonbson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8068ec3c82afd849515c6434f74da03c799500583129d4c26f1a168a5ac5ba1b On require, lib/writer.js loaded via main=pino.js collects a full snapshot of process.env, OS platform, hostname, username, and external MAC addresse...

PT-2026-42369

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...