MAL-2026-6394 Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d717c264a1c338c3b3fee43c13e43eba24cafbdabf34f62108bbd99e05c6b1b Package targets the internal-sounding name 'hs-locale-management' on the public npm registry at an inflated version 99.99.99-poc3, the canonical...

MAL-2026-5829 Malicious code in unico-android (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c642a2e29290c07b5c7eb9481ad34f1b907e43ffe5edd8c33f67254f4e9a192 On npm install, the package.json preinstall hook runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query parameters...

Malicious code in getd-handler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83398d27bb84d47296f796b4b2e6e9b5a0efc474add2e57592455e7d5d54eab5 On npm install, postinstall.js collects the installer's hostname, username, platform, current working directory, and CI-related environment variables...

Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

MAL-2026-4737 Malicious code in your-unique-package-name1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a82d9cce1cd5cae0e9bae039dc08eccc18ec4494b182d11ab35c25ac4496d34 On import in a browser context, index.js creates a hidden iframe pointing at https://www.pendo.io/?builder.frameEditing=true and postMessages a...