105856 matches found
Malicious code in weavedb-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3017d9faf2f1f8a8973162392159e8d185b9c676555d406da261e67cd95395e8 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — its first bytes are the ELF magic \x7fELF\x02\x01\x01,...
MAL-2026-4718 Malicious code in weavedb-exm-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78ab05b11a1c784b066c89ffaff7bdf3a3351c611818e1d310cf718a64f20aec package.json declares "preinstall": "./vendor/setup", causing every npm install weavedb-exm-sdk to execute vendor/setup — a 976,568-byte Linux x86 EL...
Malicious code in weavedb-exm-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78ab05b11a1c784b066c89ffaff7bdf3a3351c611818e1d310cf718a64f20aec package.json declares "preinstall": "./vendor/setup", causing every npm install weavedb-exm-sdk to execute vendor/setup — a 976,568-byte Linux x86 EL...
MAL-2026-4538 Malicious code in create-arnext-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67a5229a06132707ff10eb04a5fc2a19abf029ded0d61e1c9d0814f5cb2bb667 The package declares "preinstall": "./.github/scripts/precheck" in package.json, which invokes a 976KB stripped Linux x8664 ELF binary hidden under...
Malicious code in create-arnext-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67a5229a06132707ff10eb04a5fc2a19abf029ded0d61e1c9d0814f5cb2bb667 The package declares "preinstall": "./.github/scripts/precheck" in package.json, which invokes a 976KB stripped Linux x8664 ELF binary hidden under...
Malicious code in weavedb-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 469844df44557b10f865edf7d3d000fd90c901c6a42cc5402116247dca1528f0 package.json declares "preinstall": "./scripts/postbuild". The referenced file is not a script but a 976,568-byte UPX-packed Linux x86-64 ELF binary...
MAL-2026-4486 Malicious code in atomic-notes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c70dcf4fd11ae58bf4e06b896b2f163d54e3c3a26b66d472bab1e0af126f6f81 package.json declares preinstall:./.github/scripts/precheck, which executes a 976 KB stripped, UPX-packed Linux x8664 ELF shipped at...
Malicious code in weavedb-offchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d267c34e35dca7091a9ab01d22a9c0a4cfde364531b8017f15f4a09785381198 package.json declares scripts.preinstall: "./.github/scripts/precheck", where precheck is a 976,568-byte stripped Linux ELF binary sha256...
MAL-2026-4722 Malicious code in weavedb-offchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d267c34e35dca7091a9ab01d22a9c0a4cfde364531b8017f15f4a09785381198 package.json declares scripts.preinstall: "./.github/scripts/precheck", where precheck is a 976,568-byte stripped Linux ELF binary sha256...
Malicious code in ai3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83540d952123c5d1199bbec1a72d0c4c49c428f309b9d68df45e307b852000a7 package.json declares "preinstall": "./.github/scripts/precheck", which points at a 976,568-byte precompiled Linux ELF x86-64 binary shipped inside t...
MAL-2026-4719 Malicious code in weavedb-exm-sdk-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3992f423f88c69e8c00223cc0ef81f970b8e178f1854beb00ef443586302ad89 package.json declares "preinstall": "./bin/install-deps", which runs a 976KB UPX-packed Linux x86 ELF binary on every npm install. The package...
Malicious code in weavedb-exm-sdk-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3992f423f88c69e8c00223cc0ef81f970b8e178f1854beb00ef443586302ad89 package.json declares "preinstall": "./bin/install-deps", which runs a 976KB UPX-packed Linux x86 ELF binary on every npm install. The package...
Malicious code in fpjson-lang (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38aca097f261c15ef9901f259883679e2d4308d6e4053099643c8befe9a14318 package.json declares "preinstall": "./bin/install-deps", causing npm to execute a 954KB packed Linux ELF binary on every install. The package...
Malicious code in wdb-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05323f987b64131618be124040867a2acb216aef96952a6a3dfc11c615501500 package.json declares "preinstall": "./dist/runtime.node", causing npm to spawn the shipped file as an executable on every install on Linux. Despite...
MAL-2026-4613 Malicious code in monade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32631bc0128011d7e526d2665460d2e4562c2d50602e38218e2ad3078635726a [email protected] advertises itself as a JavaScript monad/flow utility library cjs/index.js exports flow, of, opt, ka, dev, yet ships a 976KB UPX-packed...
Malicious code in wdb-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ddd306d024c4dd394d19c1adb610389f239fa619d25fff4f75b857a678da0ee package.json declares "preinstall": "./vendor/setup", which on every npm install invokes a 976568-byte Linux x86 ELF binary shipped inside the packag...
MAL-2026-4712 Malicious code in warp-contracts-plugin-deploy-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac3a02c9f004d72f8975e0e93fb0810818b509cf295cf9a567c882afaf9a7444 Package name warp-contracts-plugin-deploy-test mimics the legitimate warp-contracts-plugin-deploy and copies its public API surface lib/cjs/index.js...
Malicious code in testnpmnmp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e82942b1fcdaed1a1085ad9590ef93704e276c5c5ca1622884abac014f03980f package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte unsigned, unhashed, unversioned Linux ELF...
MAL-2026-4691 Malicious code in testnpmnmp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e82942b1fcdaed1a1085ad9590ef93704e276c5c5ca1622884abac014f03980f package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte unsigned, unhashed, unversioned Linux ELF...
Malicious code in test-ajs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851b521e3dde5ea11478cd37cc4bf8da2f0a0ca1864d6c39fa27fd02ef0f9308 test-ajs advertises a 2KB React/Recoil helper dist/cjs/index.js, 2169 bytes, exporting Roid/inject glue over react+recoil but ships a 976KB Linux ELF...