Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Malicious code in hadianto-toge48-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f11989ff4836249b122c301f643df6150ec937c0a04ee08943a3b22343e3dfbf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in msc-target (npm)

The package msc-target was found to contain malicious code...

MAL-2025-14255 Malicious code in alb-um-availa-ble-zip-mp3-file-on-a-mission-xj0aa-uvytiy (npm)

The package alb-um-availa-ble-zip-mp3-file-on-a-mission-xj0aa-uvytiy was found to contain malicious code...

MAL-2025-5407 Malicious code in example-target-package (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c527df8a6a7f920a0fd9146bf4a738da075f6430ad4a523d1c345fe4deb26b7 Any computer that has this package installed or running should be considered...

Malicious code in always-target (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-5360 Malicious code in always-target (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-1467 Malicious code in @xenial-ux/services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44606337fc107c8d2c2199016ea7ec9f79003aa4ebd99f43cef39e8c272ec0af Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...