226705 matches found
Malicious code in logger-daemon-regex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 867d520b17da5e885d1a1e1e954cbf9eaf045b55a28307319f4fbad27846b8a9 package.json advertises the package as a 'Node.js integration layer for Autodesk Forge' but the shipped code is a full information-stealer /...
Malicious code in n8n-nodes-barcode-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb55ae2b864b933ae071cb33e8f53a52005ff0dc26487d15639f3b07fa7d9849 The package presents itself as an n8n community node for barcode generation, but dist/credentials/BarcodeGeneratorApi.credentials.js contains a...
Malicious code in react-v17 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73dab7161ffcaee5f943894308dd75428e9081b872daaed7ef50218bf98ad44a Package name 'react-v17' impersonates the legitimate 'react' package. package.json declares a preinstall hook 'node index.js' that auto-executes on n...
Malicious code in npm-rce-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6365312ad1339c7d5539f594b9e472ea3f10401fa356fe49766de887368e87c9 Package declares a postinstall lifecycle script that, on npm install, fetches a script over plain HTTP from a hardcoded bare IP...
Malicious code in @vraksha/gh-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c867b4c68acc159dea1bbd580c5de3f3c9fef7bd1f54cd48a02c59631ffda12 On npm install, the package's postinstall hook runs index.js, which performs an HTTPS GET to https://http-logger-production.up.railway.app/payload,...
Malicious code in crypto-promiser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25594e7865a7525aebefd2f1fcc8060f144bf202b1986875e1cfd95564f66e88 [email protected] is a typosquat of the legitimate crypto-promise package that ships a dropper in its lifecycle scripts. The declared postinstall...
Malicious code in vps-new-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a87c3a5996e3d81f13922de94c19e39af1be7c9b6920fc9ade4f43edd838b7 The package's main entry dist/index.js re-exports createServerAdapter from./server/index.js, causing that module to evaluate on any require/import of...
Malicious code in events-alias (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 164642716a755117674746c1c2534b0ac47d56bed2348e7a800c3d37a98074e9 The package's preinstall hook "node index.js" runs automatically on npm install and executes an exfiltration payload. index.js requires childprocess,...
Malicious code in chai-as-const (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2c70991a87f00f1b25b85243d1984fcb2562dc2c34f0c5514827b3660350294 [email protected] is a disguised dropper. The package name is unrelated to its code, which impersonates the pino logger exports pino middleware,...
Malicious code in configration (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3255dd4ea4a24b3e000f6a8aadb9a022bc9aed07507124a595dd42ef0b429d6e The package impersonates the pino logger README badges, module.exports.pino = middleware under a one-character-omission name configration vs...
Malicious code in next-locomotive-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6c9a6a78e92a3815c6923d8a77304fa6622e93b11eecdad3d5a1156398ec37b The postinstall lifecycle script in [email protected] automatically runs on npm install and reads a hardcoded list of installer credential...
Malicious code in express-mongo-limit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14fb26238eabda9c27993bc87c05daf79a9d747b09aa9913f4b0f423f9c02b11 package.json declares postinstall=node index.js. On npm install, index.js decodes a base64-encoded URL aHR0cHM6Ly9nYW1ib3JhY2xlLnZlcmNlbC5hcHAvYXBp →...
Malicious code in @vite-tab/tab (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95af865d1cf7d45f2b4c2a73eebcfcd1a1a6aba9a36f33bf8256ef4d7235903c @vite-tab/tab republishes Vite's codebase under a different name while impersonating the upstream project: package.json declares bin: vite:...
Malicious code in turbom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 64978153f8a987180b6c8e88b5787598ed949a604527f0098271f97d8c66a235 Starting version 1.0.1, the package contains obfuscated code and embedded binary that is executed during the import, sharing many similarities with package...
Malicious code in luludawang-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae96a2ee83d724de0e046dbf9e4749e9fd0d5c56fc16f2f28050512080f30628 On npm install, the package's postinstall hook runs index.js, which reconstructs a remote URL...
Malicious code in ec-checker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc8245936c8beb04bdb2bfe31a8117133823e3ffd6ed3e165d89b822dfab4a9c package.json declares a preinstall script that runs npm install @sentry/node && node examples/verify.js. examples/verify.js initializes the package's...
Malicious code in chai-redirection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38236fbbdbbaa8f8ed9315c3a4ff01fbf049215896036b1cb68611681fe0eb00 chai-redirection presents itself as a chai assertion plugin but its main entry index.js unconditionally spawns a detached Node child process running...
Malicious code in chai-presentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 854dd2b8a43d8936f153925a2af8ee8de5d18647149aeba69fb0329eaa461b93 The package presents itself as a chai assertion plugin but its main entrypoint index.js contains an appended IIFE that, on every require, performs an...
Malicious code in airkey-mfa-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03026bf6133183ffaba772b4b1f585bab0a42ab87823a0a2375a7f1cba08661e package.json declares a preinstall hook that runs index.js on npm install. index.js collects host and user identity data — hostname, platform, arch,...
Malicious code in pipo-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 259159c0505b819905dcaf53172d98a4fd590a9ae1a40f87d2be4c1a7fdc4065 This package is a dependency-confusion payload published at an abnormally high version 9999.0.0 targeting an internal package name pipo-sdk. The...
Malicious code in goofy-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 779daa3389f4ff3ea7ca2acb4e0202b4465e90fa0d8b7bdcc0e3785f34e454a2 [email protected] is a dependency-confusion squat: the version is inflated to 9999.0.0 to shadow an internal package of the same name in build syste...
Malicious code in @luminarycloudinternal/lcvis-st (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8dffb72c9f767cbd071bf482fce9acb1ff2283a4800b7862739348b7a89e24 Package @luminarycloudinternal/[email protected] is published to the public npm registry under an internal-looking scope with an artificially high...
Malicious code in bytefaas-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07cb4f68cec68081ac4817ad2ae387e7b031d3377a74a74ecca59c5858940d08 Package published at version 9999.0.0 under the name bytefaas-sdk, the canonical dependency-confusion shape used to shadow a private internal package...
Malicious code in searchresults (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d5453a0b1576ed8880071cda901607e79f25378700d3f999ab2c9715e00635 [email protected] is a high-version dependency-confusion squat on the generic name 'searchresults'. package.json declares preinstall and...
Malicious code in thunder-rony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b49da9c4d3522da30e4c917c3102444f9d61d3ab3e9c547b74b9240168754b9a On npm install, the package's postinstall hook executes index.js, which collects the installer's OS username os.userInfo.username, hostname...
Malicious code in ronyfortest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c9f63368f7e1147ade261a87f45e32e13bcf79b5336efad59087ce85e64a849 The package's postinstall hook node index.js runs automatically on npm install and collects the installer's OS username os.userInfo.username, hostnam...
Malicious code in rony-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 873cd33646b64f2073cc37ed9649a3757fb8aa186d50f700cb8ad199196fd56c The package's main entry index.js collects installer identity data — os.userInfo.username, process.env.INITCWD || process.cwd, and os.hostname — and...
Malicious code in higherlogic-ocfe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f73e9c228fc5188d602b213f2c6e7f88d6acbb4a9381667b7c33e4cb825aedf2 Package [email protected] is a dependency-confusion lure targeting the Higher Logic vendor namespace. The published index.js is an empty...
Malicious code in babel-eslint-parser-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85a6f04cbf0697b6ae409fb9e5ad0e25812dac6a2f43bd95722f1903ee2f71f7 Package name babel-eslint-parser-legacy is a one-suffix confusion against the legitimate babel-eslint-parser. The package's own main is an empty stub...
Malicious code in ag-charts-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29c50b5a47dde18daf83760926662df3b9890de074cc00938de04892ac79a4d9 [email protected] is a hollow package empty index.js, no scripts, no documented functionality whose sole effect on installers is resolving its...
Malicious code in visa-cli-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0e8f566e285de1eec2c3cae07b0faaa8828080a4e1fed7e76e1fe43dfa571ec Package presents as an internal-looking corporate tooling name 'visa-cli-tools' published at an inflated version 99.9.1 — the canonical...
Malicious code in ai-gen-ai-opt-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a34dae027378ca986d5e99aa7c9ffc5efe590e4697e1255970ce713f6d309e74 [email protected] declares a postinstall hook postinstall.js that runs automatically on npm install. The script collects the installer's hostna...
Malicious code in @luminarycloudinternal/frodo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...
Malicious code in promo-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a88c879a569b51180b134bd442917610efba2cfc54aa980cb3ec3b4731e84c No concrete evidence of installer-side harm was identified for this package version. There are no indicators of credential theft, environment scrapin...
Malicious code in manom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5c719a4493f261eac65f57909044b1f958860f46fce1668314878007d2625849 During installation, the package exfiltrates random files. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in manik (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9f5401ff0b4189038b0682df9360adf8a7b3f1c0b19f41726a9bb1ebb6770d5e During installation, the package exfiltrates random files. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in tronpak (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 35790f872dd1f0fa6c17fca434134a08101946af27a0e2b4467e3b362f618e01 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
Malicious code in @vite-ln/build-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b380eb60df5dc8d12ad64fe26e5c1ca08c4fa39505400ba90ea1a2d305121ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paperclip-adapter-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d49d1a6c5381f58370cbfedc2321bd44796eb4ea79541d967a661760d9759801 [email protected] executes a credential-theft and C2 backdoor automatically on import. The package's main re-exports...
Malicious code in paysafe-cards (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21a6e3b2436241fa7cebb029cdab33b2eb530cf450f7fe89d79a925c14148ed Package name and metadata impersonate the Paysafe payments SDK description 'Paysafe Card payment processing', repository...
Malicious code in domains-billing-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 11558e73bc928dd5dadd7ba70e9256e5458e6d829c63a577a31740d2f6c553e1 The OpenSSF Package Analysis project identified 'domains-billing-types' @ 99.91.1 npm as malicious. It is considered malicious because: - The...
Malicious code in manin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3234643a550a8e121b7f2cbee42e45fa90604a95258babd0b8a602ee97cf3045 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...
Malicious code in turbod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78d60e25c1258021c4fb69a93456c76ef1157be852c7b9dc7165290ca599b0f7 Starting version 1.0.7, the package contains obfuscated code and embedded binary that is executed during the import, sharing many similarities with package...
Malicious code in py-slugify (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 67a9d1e498fcf994bbfd8e10bde000990fe4579a88ba5b20848beabac1ae44cc During import, this malicious copy of a legitimate package downloads an encrypted data disguise as an image. It contains an archive with a next-stage script th...
Malicious code in rarcore (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 69082900a353e728be770b24c10b27f0f2b7cb9f5ec15179833976447fc6c424 During import, this malicious copy of a legitimate package downloads an encrypted data disguise as an image. It contains an archive with a next-stage script th...
Malicious code in oxntime (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d96d9d5b1800042c94a33b8ac459abe42775a2c07e7cbd4ca2f689bdcf141ef The package contains obfuscated code and embedded binary that is executed during the import. The embedded binary targets Android and seems to act as a guard fo...
Malicious code in @vwfs-its/sf-sac-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e08b57aacea0c5dcc883413eddf7737e7a45fa2c21bd5381d4e80235b3ef182 The OpenSSF Package Analysis project identified '@vwfs-its/sf-sac-frontend' @ 20.1.1 npm as malicious. It is considered malicious because: - The...
Malicious code in tronhapy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9130b2067fa138b1e6562360778bbb48be1679d6de6b170db0c2938f673a1a4b Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
Malicious code in gitlens (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 33742a75a392f62d009fb5213d109ecd6c51a155aa151cb8539539cb28aa2395 The OpenSSF Package Analysis project identified 'gitlens' @ 9.4.0 npm as malicious. It is considered malicious because: - The package communicat...
Malicious code in jsonschemavalid (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 66c7a352526170a98abaa8fcccfd433c9e8326e340df4904adce19bd13a05902 A clone of a legitimate package with an embeded reverse shell. In the published version, the reverse shell was connecting to a private IP address suggesting th...