276 matches found
MAL-2026-2581 Malicious code in @dtc-campaign-wizard/campaign-wizard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f551e16bdd57ec65154ddd0b1ebe5a701abe98d86f25490fb3c36b19e9fa41 The package @dtc-campaign-wizard/campaign-wizard was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwindcss-typeface-inter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a4cecee37faea4489bd810f6d044cde9205a74e0c225bef7b07cbbe207eb88 The package tailwindcss-typeface-inter was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2099 Malicious code in sfx-event-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ed3495e868bcd1db85182332d575437978593cda12ceca6ab4acf1c4b28accf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rollup-plugin-polyfill-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1469 Malicious code in n8n-nodes-format-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b8b8fc0a97b9f9e3203a35534d7ff6518dbe0e53753093610315382e5f40b0e The package n8n-nodes-format-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in graphql-request-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51 The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1509 Malicious code in transform-remove-debugger (npm)
The package 'transform-remove-debugger' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1565 Malicious code in transform-export-extensions (npm)
The package 'transform-export-extensions' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1575 Malicious code in transform-typescript (npm)
The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in polymarket-trade-bot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1202bbcaa78670992217c3ebaa55bb6edc17c6cb454209114639b680032d068f The package polymarket-trade-bot-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in es1int-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09abead9af9906c0579f5cce39e4e75fd445a6edaa1a5380db01ad7dd1e274f8 The package es1int-config was found to contain malicious code. Source: ghsa-malware 3eb94b9e72fc93f339c87b961f88c598fb78ecd2d5e4aad405d17c7eb3d513b2...
Malicious code in yarsg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2ed8a6379e9f5833efbabb80221cc55ce3456a95d14c77ede9ab581bd8f577 The package yarsg was found to contain malicious code. Source: ghsa-malware 71a7932af2640f624c7daef39143653ecaa9d843bda52f61c22687210fc9961d Any...
MAL-2026-663 Malicious code in transform-async-generator-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 338773642b9997fc33cd7f4eb7cfbca20019115fc184de55077b8b112a45dcc4 The package transform-async-generator-functions was found to contain malicious code. Source: ghsa-malware...
Malicious code in debug-fmt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049bf4db6a598df3cc4db93a71b765670e9b94be0c835ae183fd91c13fe99d8b The package debug-fmt was found to contain malicious code. Source: ghsa-malware 1f7e76c50ec40bd53847463f61469ebfb4691c221c290d98fed82736214216cc Any...
MAL-2026-415 Malicious code in dotenv-expanded (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf The package dotenv-expanded was found to contain malicious code. Source: ghsa-malware 8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d...
Malicious code in @mikudev/ridwan-signal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c96124a8175a81f43ffbd0c2b9acc96782560b9e737266ccac47204d9605f31 The package @mikudev/ridwan-signal was found to contain malicious code. Source: ghsa-malware...
MAL-2026-179 Malicious code in n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd5b9fc4d665c764917757933148572fd5cfca44be431dd6f84281b068b1ccfc The package n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-min (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52c9efaf89a89b5eb291f14408bbc1259e6b222e9ee9445fc01c33753cdc7688 The package chai-min was found to contain malicious code. Source: ghsa-malware 986779b1404de4f7d2869e5db91f49bd49bc402934a8da2ff0990e656495b5a6 Any...
MAL-2026-158 Malicious code in timeout-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1df00c4c63fa8e52f67bf4d40b5dadae1ddcb640d127546671ce2bf53b5eafa7 The package timeout-ts was found to contain malicious code. Source: ghsa-malware 16cf2a5883796e1a03bb6cc6da0182692fa5962abe42950ba3d95709ca928a71 Any...
Malicious code in garfield777 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3626bdc556c590b7c14c524662be21b2c32762a7f92d11468d00e3b2bc11283c The package garfield777 was found to contain malicious code. Source: ghsa-malware 4f2e8d9e848ec713987e09976d8945d2e64232ae0f12a753838199009b91f361 An...