Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Malicious code in @trigo/atrix-pubsub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774898dc5178ad4bd2128a0ec966ceb51a9cc46c9884a0618869d7525c96260c The package @trigo/atrix-pubsub was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190828 Malicious code in @trigo/atrix-pubsub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774898dc5178ad4bd2128a0ec966ceb51a9cc46c9884a0618869d7525c96260c The package @trigo/atrix-pubsub was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198849

Malicious code in @trigo/atrix-pubsub npm...

@trigo/atrix (>=6.0.0-10 <=7.0.0-alpha5), @trigo/atrix-mongoose (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via @trigo/hapi-auth-signedlink (=1.3.0)

@trigo/hapi-auth-signedlink NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on @trigo/hapi-auth-signedlink and may be impacted: - @trigo/atrix =6.0.0-10, =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190829...

Malicious code in @trigo/atrix-elasticsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0126e7ed19553bfe7d77922b8f8f506539820240400ca6a89a6d0fa4c657b7bb The package @trigo/atrix-elasticsearch was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190760 Malicious code in @trigo/atrix-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39b1328f74edf78d2b44ee487b5ea36c148e8b07a8f3bb83240f4adaa4b6c0f5 The package @trigo/atrix-soap was found to contain malicious code. Source: ghsa-malware...

Malicious code in @trigo/atrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 558f6feeb49a87304641f2c0c9925edfed565c25407412c22ec77f6dd814dc4f The package @trigo/atrix was found to contain malicious code. Source: ghsa-malware 305ce62c26f6bb221f9779da6dd55b49fd970a1bf8939a813a5951bb2e4f5a07 A...

EUVD-2025-198663

Malicious code in @trigo/atrix npm...

@trigo/atrix (>=0.4.0 <=0.11.0), @trigo/atrix-mongoose (>=0.4.0 <=1.0.0) +1 more potentially affected by unknown CVE via @trigo/eslint-config-trigo (=3.3.0)

@trigo/eslint-config-trigo NPM version =3.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on @trigo/eslint-config-trigo and may be impacted: - @trigo/atrix =0.4.0, =0.4.0, =0.0.0, =0.3.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190684...

MAL-2025-190682 Malicious code in @trigo/atrix-redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51a9ee65fa4e448ca6d2c3b832232b73b5a2137ad1a4f7cf30bcce00497e5263 The package @trigo/atrix-redis was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198674

Malicious code in @trigo/atrix-orientdb npm...