12 matches found
Malicious code in vite-config-field (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...
GHSA-G8MR-85JM-7XHM Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...
Malicious code in vite-config-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...
MAL-2026-5728 Malicious code in vite-config-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...
MAL-2025-191383 Malicious code in @voiceflow/vite-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e311606ae472f7551604c1c14cbf14f26fab216c76778f69086466466deac60c The package @voiceflow/vite-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/vite-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e311606ae472f7551604c1c14cbf14f26fab216c76778f69086466466deac60c The package @voiceflow/vite-config was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199379
Malicious code in @voiceflow/vite-config npm...
Malicious Package
Overview node-vite-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in node-vite-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c53bdee988880e8c288daeff8bb041022f69c78319375b597edab208129e0621 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47489 Malicious code in node-vite-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c53bdee988880e8c288daeff8bb041022f69c78319375b597edab208129e0621 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vite-config-pretty-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a3f6b7466ad8fab94eb697f86931898faaaa7437f3361c93556cfae5f75f99f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4517 Malicious code in vite-config-pretty-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a3f6b7466ad8fab94eb697f86931898faaaa7437f3361c93556cfae5f75f99f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...