8 matches found
MAL-2026-5856 Malicious code in carousel-controller-mixin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...
MAL-2026-5746 Malicious code in xy-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d631443367624273d8b7d3347b2e173a72f3f7447424f25424dab8e68c4b1a25 package.json wires both preinstall and postinstall to node callback.js, which auto-executes on npm install. callback.js collects username, uid/gid,...
MAL-2026-5696 Malicious code in voyager-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7f4f15201378ec6cee4268469e85e17e50f3f5299d94a250031d6c2693177b8 package.json declares both preinstall and postinstall lifecycle hooks that execute callback.js on npm install. callback.js collects installer-side...
Malicious code in @0xlr/sentry-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cda998358d5cfe20dc0c060f7e212e44ee41e6f369f42c15badbfdd7b796744 On npm install, this package automatically executes postinstall.js, which enumerates the entire process.env every environment variable, including CI...
MAL-2026-5388 Malicious code in @0xlr/stripe-checkout-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65b2bf8dcdc0fc9b8fdbf14bbf58a011707a4425cf0029867e28067c08ef5566 On npm install, postinstall.js enumerates the full process.env keyspace plus host identifiers os.hostname, username, homedir, cwd, argv, OS details a...
MAL-2026-30 Malicious code in dstny-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b284da9586db3d25955c197277419786676841a572ee83eb99a463072eff3dec The package dstny-utils was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ipvision-selfcare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 355639090b049714637ef2cba9b4ce6ae9661ba872dc9e1aec6a69bb28ae81f1 The package ipvision-selfcare was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in angular-sources (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ff334dd83f794d2141307860dd5229672ff176ff05a1a2ac22674fe9146f8938 The OpenSSF Package Analysis project identified 'angular-sources' @ 999.0.0 npm as malicious. It is considered malicious because: - The package...