MAL-2026-5080 Malicious code in tailwind-clamps-line (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091842cb2bfe94e715b2bfec88b04625ea3350097c037d2b172483905633c20e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4280 Malicious code in node-setup-helpers (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

Malicious code in @uipath/agent-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bf0a4aecf9abab564a34cce85bbd0992c11840dfce74518bc3f21d5fc4e47ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3463 Malicious code in @tanstack/history (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d40d7bafa18dd8987c0ee75b8ffccfc7db076f4521961472d0830ef93a03994e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @kjma/mailcraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69f8916db8f38815341618cd61534b177ef9984ab2dd5774e445bb072fcf10c6 The package @kjma/mailcraft was found to contain malicious code. Source: ghsa-malware 5e4802b882a28ccb6e1c4c9bf610c05c4a2a023d7018fb66c0ac46623b8560d...

Malicious code in pino-pretty-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a9c035f47cbd6beb9e2f47299a689f13823a21eaef04fd6abfa9035dcb120e The package pino-pretty-log was found to contain malicious code. Source: ghsa-malware 5ddd0444ff8834bc42162fb1d88cf6d71f6044c2a636cde204484f654ce6589...

Malicious code in ember-power-calendar-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in big-numben (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61c77ff6fcfee6f58a1a8a5a268bb6db596b9059b965e3bcfd58a88a197179e7 The package big-numben was found to contain malicious code. Source: ghsa-malware ae2b54e5805771f2bde8a32bc288306dc173a176a009f4309baf89672a9827fb Any...

MAL-2026-1554 Malicious code in typescript-validation-schema (npm)

The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in dell-emc-internal-api-drzak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b1c68a3106c50c73d1ede904d8c6fe7b41466a0e619e50c0935a7988293740 The package dell-emc-internal-api-drzak was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1154 Malicious code in rullzdigital (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc6a9ad8fc8b038ba42a8fc8e3175d9e519340d5fbb9f36c946d50495efe670 The package rullzdigital was found to contain malicious code. Source: ghsa-malware 661254fd70224e2719b2260797867b5d063b1928340696642f8b683b04473b06 A...

Malicious code in ethglobal-finale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bdc506129e3fb599d1bb0f5c3a369199b3f58ecda5d8c869d47f25847da6ad The package ethglobal-finale was found to contain malicious code. Source: ghsa-malware 051d643dd2d78f5cfda5a7945e560297dae2d0d8abe72d2b1725846b34951f...

MAL-2026-973 Malicious code in veim (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31b89b91cb42611b74a7be2b2f6da42d03473a69e463276f87761d0ede8c71c The package veim was found to contain malicious code. Source: ghsa-malware e9f54d28eecf643750d870dc5e02deec7b66e42cdc998c589c6de0e58341bc47 Any...

Malicious code in aligned-arrays (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bde941864059bf74245ed1ebf09a7be97e6a01881536ec8ad3913ddf1c1226f The package aligned-arrays was found to contain malicious code. Source: ghsa-malware 4bea95feabe1220983f2c46796cd72f198d1c4125771146d4a3a788f2fdb3b8a...

MAL-2026-720 Malicious code in chai-grab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c59ae1d48ae982c1945929febb9d9c184264443d2d93c3f187a42813efbeae89 The package chai-grab was found to contain malicious code. Source: ghsa-malware da21a86e003e8f1a127a9431ea7b49004f0f142dc8f619b04adc74000f145cae Any...

MAL-2026-690 Malicious code in fileupload-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284fb08fce78b3881a87fa045e3cd78babfd4be9859ffd8be916952b1088fc19 The package fileupload-util was found to contain malicious code. Source: ghsa-malware 86e2a72f365ef548c52ca11a5bcfa8cbca1b7ff90e2e35aa34b8d9c2abb9c85...

MAL-2026-689 Malicious code in eslint-config-stitch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3747d49c7b72e1659dde0b66b3e7b95bd198fc6a8f8f37d9a7a1bc2fc76dd54 The package eslint-config-stitch was found to contain malicious code. Source: ghsa-malware...

MAL-2026-658 Malicious code in ansi-universal-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa5e839c2761f91f4d422c6c89799495ba4a3171731ecac75e00647bbf95904 The package ansi-universal-ui was found to contain malicious code. Source: ghsa-malware...

Malicious code in overstock-login-layer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 359cd99825c90001defddafc25d74d784b4e71a75a8adf92e90f2371dbf8a124 The package overstock-login-layer was found to contain malicious code. Source: ghsa-malware...

MAL-2026-413 Malicious code in coopshares-webcomponent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2f65589819f3e12665d8524a5db477f2c222a83ed178b584e7cf8e5901ead2 The package coopshares-webcomponent was found to contain malicious code. Source: ghsa-malware...