3 matches found
Malicious code in chai-as-polished (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2ea0d46e0bb4382e8d684d025cb72b7f99e37874c571e9946ae1268b70be6cf Package name is a one-edit typosquat of the widely-used chai-as-promised, but the shipped code is unrelated to chai. The exported middleware spawns a...
MAL-2026-5902 Malicious code in chai-as-tokenized (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485 Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...
MAL-2026-4514 Malicious code in chai-as-vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7096b7b983ae63f8e59f9e047440547c9536f6c4c9da0ac46909b91a9d4e10e The package masquerades as a pino-style logger exports module.exports.pino = middleware, keywords fast,logger,stream,json, lib filenames proto.js,...