4 matches found
Malicious code in @ornexus/neocortex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc On npm install -g @ornexus/neocortex, postinstall.js spawns install.sh or install.ps1 which, by default, runs an installcoderabbit step that fetches...
MAL-2026-4526 Malicious code in claw_messenger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b621afa50fe31026a12750b83eeb309366f95b07a9e0c5095d3e862f0007b70f The postinstall lifecycle script in dist/postinstall.js spawns two detached, hidden child processes during npm install. 1 spawn'npm', 'install', '-g'...
MAL-2026-3778 Malicious code in natazx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0514a0df660dfc4e7380f68e8533fa325ccc246ba21855975f73d3af78cd9f0 On import natazx, the package's top-level code executes several installer-hostile actions without consent: 1 it unconditionally overwrites the host's...
Malicious code in natazx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0514a0df660dfc4e7380f68e8533fa325ccc246ba21855975f73d3af78cd9f0 On import natazx, the package's top-level code executes several installer-hostile actions without consent: 1 it unconditionally overwrites the host's...