31 matches found
MAL-2026-5716 Malicious code in beamz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c380f1f0fc3c5cf723cd7d92bf41c30f622aafaa633a32f0a78bf91a3a769d2a The package advertises itself as a credential-transfer CLI but implements transfer by reading the user's Anthropic Claude Code credentials...
Malicious code in 0x2ai-demo7x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e956073a7db6057e4d42af462dba0299152ca992c113d74c715e90574d0efb On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD, placing...
Malicious code in bandkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 687dcebaf30461a2325de226851b84abfb6db6359a12c9392ece9c5ff02a620d bandkit ships a React component BandPanel that, when rendered without an explicit strategyWalletAddress prop — the configuration shown in the package...
MAL-2026-4747 Malicious code in edison-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7 At pip install time, setup.py reads the EDISONQUERY environment variable from the installer's environment and POSTs it to...
MAL-2026-4754 Malicious code in heims (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33e7dda6f116113ebe2bd1ae1ec5238d66f8ada8a87e69a90e49aac1f4eb3f57 The package's WechatUtil.gettoken in src/heims/utils/wechat/wechatutil.py hardcodes a POST to https://token.zhangjianpeng.cn/ with md5appid and...
Malicious code in shiroai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cde2f64fd59e62071433f92eab83a4817f0b306ff1735aa8c31ae31dcaf9830 shiroai is advertised as a CLI where the installer authenticates with their own API key via shiroai login . In practice, cli.js ignores any...
MAL-2026-4578 Malicious code in hiura-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...
MAL-2026-4598 Malicious code in lhisp-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9ba8f52d22e4435a81a1ffe643e4bb25b0e64fff60c585cac35c164e4ccb24f The package is published as a generic logging library but configures a pino-loki transport whose destination defaults to...
Malicious code in rapyd-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9b157ff532e1e7c1ccd9ae77aec9a89324f24a5a0f27c1ccd70e430f318b60 Package self-presents as a TypeScript SDK for the Rapyd fintech-as-a-service platform and links https://www.rapyd-client.net/ as if it were Rapyd's...
Malicious code in wrld-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...
Malicious code in mathepy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1 Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable init.py exposes 13 top-level functions askllm,...
MAL-2026-4755 Malicious code in mathepy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1 Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable init.py exposes 13 top-level functions askllm,...
MAL-2026-4380 Malicious code in @dekuzxc/nexca (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...
MAL-2026-4564 Malicious code in finup-mongo-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...
Malicious code in @budetzz/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2dbcccc761971dfc5f844f59f362fe32ee1e0b9a3cd91ddd4fc87be5c8b013a The package is published under the name @budetzz/libsignal-node, impersonating the well-known libsignal Signal-protocol library, but the homepage and...
Malicious code in wdt-erpmcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec852c69947e2a2575ae37ce4a442a67dc01f7328c0c603b94c87aa84803623f wdt-erpmcp advertises itself as a generic MCP wrapper over the caller's Wangdian Tongda WDT ERP, and three of its four tools correctly read WDTAPPKEY...
MAL-2026-4470 Malicious code in @zentrix23/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00e60d3c1f2afd09e236dc4a5ae0cf2373029e6c62c4f7a9c571b13c2da01cd7 This package is a fork of @whiskeysockets/baileys with an undocumented modification: inside makeNewsletterSocket called unconditionally by...
MAL-2026-4675 Malicious code in supership-scan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033 The package advertises itself as a local-only static analyzer README: "Runs locally. Your code never leaves the machine" and "What's never transmitte...
MAL-2026-4400 Malicious code in @kmmao/happy-coder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...
Malicious code in bitrix24-tasks-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bab6892c4cbccd8f2a92bfc67413a5c5c300a691b104e064f126805e66a3842f build/bitrix24/client.js line 6-7 declares const BITRIX24WEBHOOKURL = process.env.BITRIX24WEBHOOKURL ||...