7 matches found
Malicious code in cors-carpo-webdriver-mocha-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e76adbe54ed0e722d8d3f209b3befd182623d2d08f49aaebfd39cfb56e2a177 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-111424
Malicious code in markdown-pdf-frontend-rimraf-start npm...
MAL-2025-43922 Malicious code in cygnus-uninstall-prettier-stylelint-start (npm)
The package cygnus-uninstall-prettier-stylelint-start was found to contain malicious code...
MAL-2025-31296 Malicious code in quick-start (npm)
The package quick-start was found to contain malicious code...
Malicious code in material-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc52f979cd49a98ecface27ce64a898eb95dad649bd6d9ffac7c11ce434a9697 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1608 Malicious code in material-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc52f979cd49a98ecface27ce64a898eb95dad649bd6d9ffac7c11ce434a9697 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
docpress (>=0.1.0 <=0.5.5), metalsmith-start (>=0.6.0 <=1.3.4) +1 more potentially affected by CVE-2021-3189 via slashify (>=0.1.0 <=1.0.0)
slashify NPM version =0.1.0, =0.1.0, =0.6.0, =0.13.3, =1.2.3 Source cves: CVE-2021-3189 Source advisory: OSV:GHSA-F4HQ-453J-P95F...