210 matches found
MAL-2026-10444 Malicious code in markable-table (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd358271f202636f12507f09da4e8f00c900ba46c9dca25a5a0526d35b75bf1d [email protected] declares scripts.preinstall = 'node index.d.js'. index.d.js base64-decodes an embedded payload and invokes it through an...
Malicious code in kuaishou (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd1d5daf09cc7bfff164e60bf5abd0a1b374b5bb616f0a78cac8f6c6ea613608 The package's prepare lifecycle script, which runs automatically on npm install, collects host, user, and platform identifiers along with the full...
Malicious code in nodemon-gulp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18cfb051ae84a8ed00bba3ae1eaf7720ec6479a402ae0540c6d66a7fa304f52a Package is published as nodemon-gulp but its contents are a verbatim copy of the upstream nodemon project: package.json declares author: Remy Sharp,...
Malicious code in crypto-promiser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25594e7865a7525aebefd2f1fcc8060f144bf202b1986875e1cfd95564f66e88 [email protected] is a typosquat of the legitimate crypto-promise package that ships a dropper in its lifecycle scripts. The declared postinstall...
Malicious code in babel-eslint-parser-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85a6f04cbf0697b6ae409fb9e5ad0e25812dac6a2f43bd95722f1903ee2f71f7 Package name babel-eslint-parser-legacy is a one-suffix confusion against the legitimate babel-eslint-parser. The package's own main is an empty stub...
Malicious code in zod-pino444 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...
Malicious code in thirdwebb (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwebb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...
MAL-2026-6693 Malicious code in thirdwb (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...
MAL-2026-6580 Malicious code in loadutils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...
Malicious code in loadutils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...
MAL-2026-6672 Malicious code in ulid-xyz (npm)
ulid-xyz is a typosquat of the popular ulid library sortable unique IDs and is a cross-platform Remote Access Trojan delivered via a postinstall hook. The package.json postinstall superficially looks like an inline node -e guard that checks for the existence of a dist file, but it actually launch...
Malicious code in ulid-xyz (npm)
ulid-xyz is a typosquat of the popular ulid library sortable unique IDs and is a cross-platform Remote Access Trojan delivered via a postinstall hook. The package.json postinstall superficially looks like an inline node -e guard that checks for the existence of a dist file, but it actually launch...
Malicious code in chai-as-persisted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...
MAL-2026-6533 Malicious code in react-dynamic-table-compenent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55ead8b66faca1e08b2babafa252da2371b535c010a5c14d8b0d0e2a44aadf8 Package name misspells 'component' as 'compenent', a one-letter typosquat of react-dynamic-table-component. The package's postinstall script runs nod...
Malicious code in @dervix/ws (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b9ab7431b1a6a1250c089e2ea33f54ad92313f587fbd2aabc020c12be55f69 Package @dervix/ws impersonates the popular ws WebSocket library — package.json copies the legitimate ws project's homepage...
MAL-2026-6443 Malicious code in agentsync-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b383c760dffae4a26d7f94b433bbe00dedb2426b23f4713610d6f5f36c594cf1 On every import / require'agentsync-pkg', src/index.js line 152 resolves bin/native/parser.node and calls require on it: const p =...
Malicious code in bn-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...
Malicious code in markdownlint-cli2-fix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca7d5154ecbbcc636198bd2314e1916e5f0673d37ab7b14caca2ea96ad5ac5e1 Package name 'markdownlint-cli2-fix' impersonates the popular 'markdownlint-cli2' linter but contains no linter functionality — the README states...
MAL-2026-6353 Malicious code in markdownlint-cli2-fix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca7d5154ecbbcc636198bd2314e1916e5f0673d37ab7b14caca2ea96ad5ac5e1 Package name 'markdownlint-cli2-fix' impersonates the popular 'markdownlint-cli2' linter but contains no linter functionality — the README states...
MAL-2026-6274 Malicious code in web3-token-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...