Malicious Package

Overview xarc-webpack-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in xarc-webpack-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29d869051afe04db57e24dad1092c70992f83465d60989f5120e17d7fa20310 The package ships a preinstall hook node poc.js || true that runs on every npm install. poc.js collects host fingerprint data hostname, username,...

MAL-2026-4352 Malicious code in xarc-webpack-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29d869051afe04db57e24dad1092c70992f83465d60989f5120e17d7fa20310 The package ships a preinstall hook node poc.js || true that runs on every npm install. poc.js collects host fingerprint data hostname, username,...

EUVD-2025-176216

Malicious code in start-iota-webpack-cli npm...

my-testutil (=1.0.1), storm-test (=0.0.1) +1 more potentially affected by unknown CVE via wepack-cli (=0.0.1-security)

wepack-cli NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on wepack-cli and may be impacted: - my-testutil =1.0.1 - storm-test =0.0.1 - stormydb =0.1.1, =0.5.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-39082...

Malicious code in webpack-cli-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6923a0b0ac00b6df0f50acbb796a23891fbe7d857f5f130a62b03f3a7cea9da8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3784 Malicious code in webpack-cli-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6923a0b0ac00b6df0f50acbb796a23891fbe7d857f5f130a62b03f3a7cea9da8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in webpack-cli-4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddac203965243a9f1a0fac7e0e5e5217dec4667917b4d23c3dc0e7780d3176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3783 Malicious code in webpack-cli-4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddac203965243a9f1a0fac7e0e5e5217dec4667917b4d23c3dc0e7780d3176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in webpack-cli.legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 22737261df7f74819a3f3f968e6516db5e37f6621827d6148b290f7650b9992f The OpenSSF Package Analysis project identified 'webpack-cli.legacy' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious Package

Overview webpack-cli.legacy is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...