Malicious code in @bmg-web/bmg-dropdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba8b2c9cb8ff59d283200d129e3ad62a7f469072326443114ebadcda2da4f894 The package @bmg-web/bmg-dropdown was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in gleb-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1195db21d930574e3f893e03ace1f465579fc9a50f319979b05f57a0a6d8e252 The package gleb-js was found to contain malicious code. Source: ghsa-malware 24151762712a7288d42bf902b1d0d205f13c6f76668490e7043fe846a8fd241f Any...

Malicious code in @usealloy/typegen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8ddfd4e6bd17172e7327ebed027c76dc8d062700a513a745cf15955c52e043c The package @usealloy/typegen was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bitunix/test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b083a0a29a743f00a18c62069ede0cd31fa3656e9fcbafd497ff742c3efcbdd8 The package @bitunix/test was found to contain malicious code. Source: ghsa-malware caf5aa976643b0e7d9daa1d676c83032b7725f54e4d0f7541e163251805fb9df...

Malicious code in aven_types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0df68dd11fcc6eb930db59e54118c89a481c0d8db3d4db96ca7732ce04cc3bb2 The package aventypes was found to contain malicious code. Source: ghsa-malware d042da73509307cc87e2110ee9cbd8873cd35b4d5de30c65df0f8daf7e93f49a Any...

Malicious code in my-package-jiecub3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1ec43b076f10c0f300bdde6c106bc020894f238b7b2b72e3a3c146d189bdb3a4 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

Malicious code in @settle-sea/supporting-documents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1a578c532adf03529b20a3a434751c75d17e6c7ea31e4ca1881447db490cc78 The package @settle-sea/supporting-documents was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in internal_insights_enabled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b767ca0c2e6450230a1b4d2bfa3f974fc6e9cac87198adb5c3084ea5f6dcd5f7 The package internalinsightsenabled was found to contain malicious code. Source: ghsa-malware...

Malicious code in hifromhere1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82931dc7313b2b9b93b8664655cbe445702e0fdcf1cc7e587b27758d2ef9cda1 The package hifromhere1 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in moonbit-metrics-validator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

Malicious code in @tushar-br/desktop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25eb4a54e706177aecf51b4124524e6e7d0534b02d9b8e6970169a9df8189ef The package @tushar-br/desktop was found to contain malicious code. Source: ghsa-malware...

Malicious code in @tushar-br/editing-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a4d5659346f95e443d4a8b6883c51f081de5eb6989f8f6731327eb34ed9c64 The package @tushar-br/editing-pack was found to contain malicious code. Source: ghsa-malware...

Malicious code in turbo-he (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1da17bf1f37303e3d91056c1ce674462279861bc896e413f1d262548ff6b3647 The package turbo-he was found to contain malicious code. Source: ghsa-malware 6bd9985ec0cf97c08347814d88b84c1c12cd8f22507a76e2a78cacb06c6840a6 Any...

Malicious code in optimized-fastest-levenshtein (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad1df5ecfcba26f63d6afe82b0b81c718ed915074e7e2a1eec30d7fd6815be5 The package optimized-fastest-levenshtein was found to contain malicious code. Source: ghsa-malware...

Malicious code in vinext-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5c7279d5c84c989a0deef7944c5d1d22b89651bdc01da8fc5144622a8fc74cb The package vinext-monorepo was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @shoobx/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89c007db99335df1e518ef5f3fc4acc2c7d18c0ca6ba9496a93c6cd688e6ffb3 The package @shoobx/types was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in react-resource-router-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74666c1336dafeaefaa96b6bf71ae8a216aa4eaded1151bbd390c0cb913d1697 The package react-resource-router-next was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in cktool.config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d17768ef72268e4f3e826458378ed35d149b66eee4e8ba9011ac3a56703d34a4 The package cktool.config was found to contain malicious code. Source: ghsa-malware 7ab5059fb326d298c03d52ca07411ad4f38ed446293bd6206c87b11b6c78aa13...

Malicious code in cktool.api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28b7eb696757e668aa67a3d187943f553dce7298e27f7b47cb90022034ac9ba The package cktool.api was found to contain malicious code. Source: ghsa-malware d228f217a2a065caaf43db67d6cc7dc3c842a2bc821523c33e11456a1a7c0d4e Any...

Malicious code in material-ui-plugin-cache-endpoint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45efd49ad74d002b46224881218cf53c763e58c0b71ed3d3ff3a79d1021f3a64 The package material-ui-plugin-cache-endpoint was found to contain malicious code. Source: ghsa-malware...

Malicious code in ixosrestinterface (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e2fe4fe4fa9a0b286aec54345ba951ff46306f88ef7f106fa1bd2496e34c7898 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in chainutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...

Malicious code in chai-as-optimized (npm)

chai-as-optimized is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/0ac7efbc0b6b1a53b305 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in sanitize-url (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f98260cc1b910a8921671795398ad7f986f02b0b7bc8efef18a4df09b87d51 The package sanitize-url was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in requests-test-test44 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in youpin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d2434bf56ac3bd217b20d87570b4be5eb5c96c17669d38ae4bf7c959dd21b29 The package youpin was found to contain malicious code...

Malicious code in relion-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92fd7c62cf3860ce9650e66abf6424900c5e1bfab538bd3b611158c8da85bd43 The package relion-node was found to contain malicious code...

Malicious code in metrify-chain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6898154f06df814bd48f3b479a605e61fcffebfc9ce5c39a6904ba24a907ac78 The package metrify-chain was found to contain malicious code...

Malicious code in marketing-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91700ba70a19e0997ef295cbc94c127a9febc336d696ae07b738dc2fbef8cab8 The package marketing-analytics was found to contain malicious code...

Malicious code in helios-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abeb968ba4df2b2034b9794205c8251dd5687f652448abd156fafb7f117fbc6e The package helios-components was found to contain malicious code...

Malicious code in farikku-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74e79e5f35cd4e3f49a89dc7e0c244bdd40466a158c84cf45b61bb23553bd27 The package farikku-util was found to contain malicious code...

Malicious code in buildkite-test-collector-playwright-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9f3f80367ea53fbaf542c199729a13115d8d848157327188cf365303af1d1f3 The package buildkite-test-collector-playwright-example was found to contain malicious code...

Malicious code in buildkite-test-collector-mocha-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37fbbae0cc3cfcba7b18566c1ab1f61417b1776206c3d0317956058c43ef61fa The package buildkite-test-collector-mocha-example was found to contain malicious code...

Malicious code in buildkite-test-collector-jasmine-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e8247a020880206aa9a5d4eb40d4b1f61cf39245356fd6e91db063d0c14b79 The package buildkite-test-collector-jasmine-example was found to contain malicious code...

Malicious code in browserstack-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a2272bbaadf2917d37e4659f060875d56de205e1b5f21ad56605c07eadfa33e The package browserstack-utils was found to contain malicious code...

Malicious code in agent-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aef6858e2b8d9f7b68d47f8549836f84751b481c19980557a6c83c1954a0313f The package agent-starter was found to contain malicious code...

Malicious code in agent-scheduler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef725b4f3725bfa9deeef4b7152653c4156fb0feb92d045501c86968bc17525 The package agent-scheduler was found to contain malicious code...

Malicious code in agdebugger-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be34269bebfc9203228b56604d750ac51bdf4f84cbf58141d3317fc45c8854ad The package agdebugger-frontend was found to contain malicious code...

Malicious code in action-setup-enos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8c231ffd75db68f6571ecaba491b827f5c86e682716dadadf47c74a979f80a The package action-setup-enos was found to contain malicious code...

Malicious code in @youcanneverguessthisonereally/test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aee30c3c314a7edd599cfa020d43c4fdc7dec927af6e0af8a7772a3b25d8b63c The package @youcanneverguessthisonereally/test-pkg was found to contain malicious code...

Malicious code in @gameforge/http-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5c80f200c1cbaa194dfc83e5a8c911c182ff110b7451512013646d9414429b4 The package @gameforge/http-server was found to contain malicious code...

Malicious code in @evoja-web/create-react-project (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edb63f2bfa081652aba97d2848d34ffdb1f97f0b744457c6811337282b4359a2 The package @evoja-web/create-react-project was found to contain malicious code...

Malicious code in @appleseed-apple/ac-sass-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404 The package @appleseed-apple/ac-sass-kit was found to contain malicious code...

Malicious code in @3stripes/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ca39203b484afe25fca27596d3c3c81a0a6765ad88d3b129871375127bdb5ea The package @3stripes/shared was found to contain malicious code...

Malicious code in @3stripes/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fea72a3f12c815ec03d587d20386eb4726c301d381fa23d720c25dc903bdcb4 The package @3stripes/config was found to contain malicious code...

Malicious code in simple-auth-basic (npm)

simple-auth-basic is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8802844b712eedf88f3862f4e836efd3a767ee4944f6ec3b8c3fbe849fd741b The...

Malicious code in chai-as-encrypted (npm)

chai-as-encrypted is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/29ebd497b6f232e6b0a9 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-evm (npm)

chai-as-evm is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-mobj (npm)

chai-as-mobj is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/31bccfbf4ee2732207a4 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-inserted (npm)

chai-as-inserted is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/ef2875f70e59e319189d and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...