MAL-2026-4880 Malicious code in @car-loans/show-car-year-module (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Malicious code in @the-c-company/scope_packages (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 36ddd29067e6d60944a4f72e473733f61a21a1f7bd5c731b167d44236a178fbd The OpenSSF Package Analysis project identified '@the-c-company/scopepackages' @ 1.0.0 npm as malicious. It is considered malicious because: - T...