225916 matches found
Malicious code in svharness (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3aef9a7535c16df930fdb10e5b60773f5ba2e0a8cd102d53a4cc3da122cfd473 When the documented svharness build --baseline or svharness wizard command is run, the tool's default 'tasks' wiki mode scans and bundles the caller'...
Malicious code in @semacode/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...
Malicious code in bricks-builder-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...
Malicious code in art-template (npm)
Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...
Malicious code in use-context-selector-tony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dde262b1fecc08fe5853c4ec7ada6c3c3746a6e7afb5bd18c33d5adfa03843c This package is a name-squat of the popular use-context-selector library and ships a postinstall script dist/postinstall.js / src/postinstall.js that...
Malicious code in tdpilot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ebe5ca10c51471256249507d8c7b142996cc72d7472a7a55c08fe6351876f9 run.js invokes execSync"curl -LsSf https://astral.sh/uv/install.sh | sh", fetching and executing a remote shell script from astral.sh without integri...
Malicious code in terminal-logger-utils (npm)
terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...
Malicious code in promptbook-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...
Malicious code in fca-official-uzair-rajput (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83c96ed99bb1a48e80228ec0ca012c1dbb7817fe1dbbd492fcb3d2927805f29e fca-official-uzair-rajput is a Facebook chat API library whose only documented entry point, login, invokes an auto-update routine on every call when...
Malicious code in stripe-internal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e7a911f1602bed2fda7cbacff6567286433df29592c24839ae9980c7fff0e6b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in color-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cf4aaa2cd7a20b222a1a4150a7b9e1f79d9b0a09c8fe4a5689e55bad9bc087 On npm install, all three lifecycle hooks preinstall, install, postinstall execute postinstall.js, which harvests installer secrets and exfiltrates...
Malicious code in stripe-commands (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 25869cea9557ac431847a2e11b5c78d6da5ee072b1d73f1d0fa6ccc895d2be60 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in stripe-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2134a01cead67cd3508d0ca8a14acbfd272181c65faed08b8491a1b2e7885ddc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in code-tool-langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...
Malicious code in ganache-cli-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 144bbaf975156b3114f5526a7e9a8ffbe8eb411a541c7e457b7bf444200a02c5 Package name impersonates the widely-used ganache-cli Ethereum development tool but ships only a 138-byte index.js stub that wraps...
Malicious code in solna-web3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6076f4236301f997d420c7daba9b12c035fe2866fa9fa42f59be230b5e90350a Package name 'solna-web3' is a one-character typosquat of the popular '@solana/web3.js' drops the 'a' from 'solana'. The package's only real...
Malicious code in tubebrain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4773b7c6b3832dbd9b733f1bbe60d85f6a85a0764ad0c43345962c09add1cca lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of...
Malicious code in @tarojs/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...
Malicious code in btd-smart (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ad22b27351879a89349a1232ee5abb46bc589399ea710b9769526a8080b3199 The package presents itself as a clone of juliangruber/balanced-match stolen author identity 'Julian Gruber ', verbatim README, identical API renamed...
Malicious code in whiteboard-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...
Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923 The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 npm as malicious. It is considered malicious becaus...
Malicious code in @piewasm/pie-web-npm-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 npm as malicious. It is considered malicious because: -...
Malicious code in is-really-odd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f205432fff885dce7a6dee0e8d1267c65944d3e486abd566683caeaad833692 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in identitysecuretokenserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2704e731d0b82aa5927cf3713f741111b03fe8efb2d886cb0ef472a24705c5e3 The package identitysecuretokenserv was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @antv/l7-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/x6-plugin-stencil (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/component (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-mobile-canvas-element (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/awards (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/dw-random (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/expr (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/f-wx (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-base (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-canvas (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-compat (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-layout-blocklike (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-matterjs (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-rough-svg-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-svg-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g2-extension-plot (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/gi-assets-advance (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/gi-assets-basic (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/gi-assets-neo4j (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/gi-common-components (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/gi-sdk-app (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/graphlib (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/interaction (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/l7-district (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/l7-utils (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/larkmap (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...