MAL-2026-5067 Malicious code in ethers-hdnode (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fc28c232270f2534095dbfbc320845737c981a075ca9d542c2482d82a23a85d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4225 Malicious code in tailwindcss-theme-custom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3442 Malicious code in @squawk/fixes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c1b4eb0a49d55989cadcce8bda40c86dc03e5776c450cd9643e5b3f43811a87 The package @squawk/fixes was found to contain malicious code. Source: ghsa-malware 9b4ba8be3823ebe8f019d37fa681809a96867a646eeb679dd22682070aa9f570...

MAL-2026-2612 Malicious code in upstart-loan-status (npm)

Malicious package with postinstall script exfiltrating sensitive system data to a remote server. Multiple YARA rules and LLM analysis confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e7850b2e1fe8a8eeebd2a8593220743deeacbed610ada8e460fcd15bc51c732 The...

MAL-2026-2224 Malicious code in jito-validator-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5744d7d3aef03ec852963ebeca1a6357db3aa7bc925bae6e85f173692fc12eb0 The package jito-validator-sdk was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2227 Malicious code in validator-lut-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f447a3c02a6c7ea716862009fcf6853c8d52e05144fa78746cbdbfe3ef000 The package validator-lut-sdk was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1316 Malicious code in xc-input-toggle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25bd6a138ac384a0c310614cf8a679db9c7c02f9b4b44fbfb98910514eb2e80e The package xc-input-toggle was found to contain malicious code. Source: ghsa-malware aa8d4ebd389bd00b1f92bc14e6d9e1a2ffc83e2ef239991e0e01c0bb445166c...

Malicious code in chai-vest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b92343f543acb60949d618ec06160013b1536a63f3db5431a4e24b1eaac2ccae The package chai-vest was found to contain malicious code. Source: ghsa-malware 2d3a82ac6f8ebd7b7eba324f04e78d43fccef2f3ddf20c24014f4768dc50731d Any...

MAL-2026-960 Malicious code in hardhta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc27417b62c3ad399e369577764608120ee2b3662367f1d51bf5fb8378560bcf The package hardhta was found to contain malicious code. Source: ghsa-malware e4174e96a92d9c0d7bbe499ed40d2e4cab9635c61471a1602fd117d8115e2d38 Any...

MAL-2026-827 Malicious code in narrow-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508eafee6916ba29ade3caf0722e7bffe693e53fa35a4e74f0dc385950778f34 The package narrow-array was found to contain malicious code. Source: ghsa-malware 8bbee1a11c9aa9d6feb751063161f9802c6245890a9764cdddf190d3357df462 A...

Malicious code in dotenv-embedded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07a4c23212d813ad58db347e1a5a152b003e1085b18036f047755d05de52fe0b The package dotenv-embedded was found to contain malicious code. Source: ghsa-malware bf0cfff747361e3a51fbd35f3018e05312b4bd030890362b89821789ab2adb5...

MAL-2026-454 Malicious code in @mailpoet/component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d48b40574c65ef747944583fa5a49ac40b673d6932a02247c2cdbd5331a79179 The package @mailpoet/component was found to contain malicious code. Source: ghsa-malware...

MAL-2026-385 Malicious code in blocks-builder-manifest-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30f5efa34a1c44d974502110177cb7a60daf579349ed25937e66e342f7f7c24f The package blocks-builder-manifest-generator was found to contain malicious code. Source: ghsa-malware...

MAL-2026-339 Malicious code in internallib_v355 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dba9a4166fd959eea5357952f1ffba736b4e6c9176ddeff85e0aeb1592edef8 The package internallibv355 was found to contain malicious code. Source: ghsa-malware 41e49779a105339cef2addb161d2a79d3aa2e22201f862ba6c3ef2af1ab1ccd...

MAL-2026-231 Malicious code in pinecone-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c597ee3d643e51ba6eca0553a77be1c79a3e5dc72d8450b09b7f405a558d2d56 The package pinecone-js was found to contain malicious code. Source: ghsa-malware 0e6ef1006a92156684ab8d3e78ab8e036d4c27f591eba5212441a68be8231a66 An...

Malicious code in eslint-supertest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06b784b251ddb3666b203fa36b7e7cd4e9101ff8c468c9d32423a398f40a6689 The package eslint-supertest was found to contain malicious code. Source: ghsa-malware 01ffd1e84f1255f84c7876957e188eed9ab1dad03915006b9f463510c22590...

MAL-2025-192657 Malicious code in yt-smm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3641ecf42237a55c9fb81c4368aa7b83a42d2110a64a733f45d27005cf38dc26 The package yt-smm was found to contain malicious code. Source: ghsa-malware b4d96978cd4e109ed8b360f551af24fd1621dd659f63a490c9de077b587f607b Any...

MAL-2025-192583 Malicious code in swissid-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68ce12ad99bb87750b22a3aa2c0d4bae036e647f446f6c05eb46b7fad1571d13 The package swissid-common was found to contain malicious code. Source: ghsa-malware 2657ec223bbf476c870a3f34e60928d95b1512176e7762f2c01a9aa759f75d98...

Malicious code in portal-lim (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eff3dc977380263ed801e45db7d242fb194b66d319545d913fd30087e7c4b274 The package portal-lim was found to contain malicious code. Source: ghsa-malware 9368b862e0bcedf32684551fa238a7364f7214a84bae4597cff992d6ca8b2993 Any...

MAL-2025-192295 Malicious code in elf-stats-jubilant-ornament-641 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b627f81ef3d4b49b83a86d60778eb2510e4d1cc4a7d0786394c115f194b9264 The package elf-stats-jubilant-ornament-641 was found to contain malicious code. Source: ghsa-malware...