MAL-2026-5434 Malicious code in ac_calendar_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5b3fd92d67510aef112ac70c9af79a59b924eef29e20b1b127ea4c720182c63 On npm install, the package's canary.js postinstall script issues an HTTP GET to http://157.230.17.236/dc carrying the installer's os.hostname, packa...

MAL-2026-5349 Malicious code in @demica/core (npm)

Dep-confusion squat of internal @demica/core at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913; "authorized benign canary" framing does NOT downgrade, raw-IP...

Malicious code in cartos-dds-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1f496b09128d69f16784f2b9c7ac2d7f29982e802db47de225654f902cd2db4 The package cartos-dds-ui was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-41264 Malicious code in sdp-transform-writer (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a7fe67cbf547a37aaa2286e629788d404dbcc306a63bd6edbd4101513e27138 The OpenSSF Package Analysis project identified 'sdp-transform-writer...