Malicious code in @tallyui/storage-sqlite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dfe62118fbe292ca123fb157b6fe7d34d5613dcc334553c5cb767636b88ef2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3604 Malicious code in @tallyui/storage-sqlite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dfe62118fbe292ca123fb157b6fe7d34d5613dcc334553c5cb767636b88ef2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tallyui/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3603 Malicious code in @tallyui/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3519 Malicious code in @tallyui/theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34578fa5c77db2b21dd15d3357fc2b7c4d36a2ce4d1d44f86daa5c04561d662c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3518 Malicious code in @tallyui/database (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d7af140ba49fc46f93bc668a317637f07fe952aa72fa5aaa3c3f16939d221ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tallyui/database (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d7af140ba49fc46f93bc668a317637f07fe952aa72fa5aaa3c3f16939d221ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tallyui/connector-woocommerce (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f5fadf96fb0e608a593e58d9d756b29d4bf5789e82acc505079a95a0b949d3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3516 Malicious code in @tallyui/connector-shopify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d106ed4bb3649c216aa7b4a45dec994551171295f9a95aa27ed7e0561664e644 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tallyui/connector-shopify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d106ed4bb3649c216aa7b4a45dec994551171295f9a95aa27ed7e0561664e644 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3515 Malicious code in @tallyui/connector-medusa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3acb08c5699637240eec2741252206938cd0e0be4b997523e2100925456e2e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tallyui/connector-medusa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3acb08c5699637240eec2741252206938cd0e0be4b997523e2100925456e2e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tallyui/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d8c00e97e1db6523971d72b66f9fd535aebe26956574db7d6a78797a37be9b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3514 Malicious code in @tallyui/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d8c00e97e1db6523971d72b66f9fd535aebe26956574db7d6a78797a37be9b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tallyui/connector-vendure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3458 Malicious code in @tallyui/connector-vendure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3459 Malicious code in @tallyui/pos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5279d1272d0ce8f67df10c573ffad904cc0db1c047aad8cea501e1068564361e The package @tallyui/pos was found to contain malicious code. Source: ghsa-malware 1a3e5194d9053a2e2e63e6d5b98d169d862ad969c78986fac81af7ee2557f4b5 A...

Malicious code in @tallyui/pos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5279d1272d0ce8f67df10c573ffad904cc0db1c047aad8cea501e1068564361e The package @tallyui/pos was found to contain malicious code. Source: ghsa-malware 1a3e5194d9053a2e2e63e6d5b98d169d862ad969c78986fac81af7ee2557f4b5 A...