226591 matches found
Malicious code in simple-node-calc-b (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78b115418f82ef73f995f3bf6b0cb8bf50da516b56c691b76ccb939491d2b046 [email protected] ships a binding.gyp that includes a modules file declaring "lodash": "!node lodash-compiler.js". The gyp !... syntax execute...
Malicious code in simple-node-calc-a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9a86d4aeac1d4f5fc458b3058f4b13229cd2097c9d8e5cf3e4d45aa24980ad8 [email protected] advertises itself as a pure-JS calculator but ships a binding.gyp that triggers node-gyp automatically during npm install...
Malicious code in simple-node-calc-aa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7274769c1f72a3c00ec34290bd2e0dff85b9c41d6a85cfffc1b164b46280de72 Package advertises itself as a trivial arithmetic helper but ships a binding.gyp whose sources list uses gyp's !... shell expansion: "!node...
Malicious code in simple-node-calc-ccc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9bfe35484999f40374a6dcfea11247cf3407a3177e27506c714407b9384036a Package name 'simple-node-calc-ccc' presents as a trivial calculator but ships lodash-compiler.js, an 87KB obfuscator.io-packed file using rotating...
Malicious code in subsearch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04245cd013e6aa9edb766cf14249c9dd6abd19d6beb9671c22a1a8bbbff3d511 The package's main entry index.js is the only file of substance and is wrapped in obfuscator.io string-array + RC4 obfuscation that hides every liter...
Malicious code in stitch-design (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81a0c5de3abe7924f58304e27e1537821c217c9348c060b31c5424407f9f10cc The npm package ships a preinstall lifecycle hook scripts/preinstall.js that, on npm install, reads classic installer-secret paths — /.gitconfig,...
Malicious code in based-32 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ca241d887ed83628c8c4a4432ca0f832d092e6058c7ab4250cc5b169ba7fb9 based-32 advertises itself as a zero-dependency RFC4648 Base32 encoding library, but dist/index.js ships a hidden trigger inside the exported...
Malicious code in howdybase32 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0eab759e668db62de0eaa10d1f5d32c689b00c7c3d6d2b1517439cc5df3e956 The package advertises itself as a fast, zero-dependency base32 encoder/decoder, but its only bin entry bin/hibase32.js silently invokes...
Malicious code in nizzybase32 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd8ad52e73a1c796a1dbe22501f4ef2d42f3ceea98cc259e1ceefb1a214cfa56 The CLI in bin/hibase32.js computes SHA256 of user input and, on one hardcoded magic digest...
Malicious code in base58-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048a186e2e59bb0b7d9986c7099e527390e38690292bc49e237578a471c56680 The package advertises itself as a Base58 encoder/decoder but on require schedules a delayed payload that performs multiple installer-side attacks...
Malicious code in bs58-86 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 057e2e470e0bc9dbfd2ff37955c0c7d051cca944025b9d62c882ffc98c4434e5 Package [email protected] reproduces the name, README, repository URL cryptocoinjs/bs58, and exported API of the widely-used bs58 base58 encoding library...
Malicious code in base62-86x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 811002816e7f72588c7c6540b088af5c44b8280574e43dbaeef4701fe377fe9f Package impersonates the legitimate base-x/base62 library by Daniel Cousens name base62-86x, homepage pointing at cryptocoinjs/base-x, identical sour...
Malicious code in agentsync-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 430fd9891020d33aa720cede12887f97615ac764bd8af19dc27f18bba4729c38 The package advertises itself as a zero-dependency pure-JS markdown sync tool 150 lines but ships an undocumented 2.9MB Windows PE binary at...
Malicious code in agentsync-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b383c760dffae4a26d7f94b433bbe00dedb2426b23f4713610d6f5f36c594cf1 On every import / require'agentsync-pkg', src/index.js line 152 resolves bin/native/parser.node and calls require on it: const p =...
Malicious code in logfmt-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb22b2557674e7d616805d8a4086d69e02896be169b9e5d4d053eb3628ebe038 On npm install, scripts/install-check.cjs registered as a postinstall lifecycle script fetches a JSON config from a hardcoded anonymous Vercel app UR...
Malicious code in polymarket-stake-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a5200cef3811ce98e489080709917dfafc2216a17f90329b9930e0f5f630a1 The package ships a postinstall hook scripts/sync-peer.cjs that runs on every default npm install. The script compares the installed version against ...
Malicious code in polymarket-stake-maths (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 657363aaa0b94385d30a26c1f4ee67923b0d877975850ad08f8364c2a901d8e7 On npm install, the package's postinstall script scripts/install-check.cjs fetches a JSON config from...
Malicious code in easy-time-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68e3ed59cdf42b986633df92080189576ccb0c6482e9418dab47b72ac45cf97b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tokenization-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6 The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice...
Malicious code in unifydata (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c62d93328810f03f3aac73777f406eee1b3413e1c3320eb87f3445754dba9d3 On require'unifydata', index.js calls initPlugin at module top level, performs an HTTPS GET to https://jsonkeeper.com/b/B40HL, JSON-parses the...
Malicious code in anthropic-claude-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39eab369e2498da827d3bbd331effdf24b99ab28961e62da7328e4476e328876 Package anthropic-claude-latest claims to be an 'Official Anthropic Claude SDK wrapper' but ships no Anthropic SDK code; the README is for an unrelat...
Malicious code in block-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45d25c6b3ae56eaaf7f76995fc0b6f93a8499b9cbe2315446a63cb5601d841d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @su-doughnym/metrics-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1b02acc9d8d069bfdf5db415cb18c33e05ffdcd577532cfc3dbd112e4d9a6f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in poc-publish-test-su-doughnym (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54e0dbb8f5ce514035d0c4596f5b78b47f14ab145f2d43172bf13b595df78661 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @su-doughnym/loginui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97528ba896a094d6b1ed4306c1553ae6f3887d808d4e4bcb6d03d9ee29e1a8b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @su-doughnym/react-dlb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c4b5ea9035f910a7193b9da02623e92d8364869382bf683b3469ea3a2b46fdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nabisco (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c6b974c237c0a7f1806c58521bb7f5353e013785144f2124b21d0fe676c2b7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in two-factor-prompt-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7f55251c2837eacfe7f8b0c2ab44077608dc2562f3c167dc1d2927b9f730fad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @su-doughnym/hubspot-loginui-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e22fa4def0472cf65c32dfc2476ccebd428bc92163cb0095bea52240b1c1c914 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in data-fetching-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e3b28cd7d92e52caebbbc24439e3075e592ca43dbeb5cd711d4ccb3df74c1ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in solo-nav (npm)
The solo-nav npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-auth (npm)
The leo-auth npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-config (npm)
The leo-config npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in serverless-convention (npm)
The serverless-convention npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-cache (npm)
The leo-cache npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-sdk (npm)
The leo-sdk npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-connector-mongo (npm)
The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-connector-elasticsearch (npm)
The leo-connector-elasticsearch npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in serverless-leo (npm)
The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-cron (npm)
The leo-cron npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in rstreams-metrics (npm)
The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-connector-oracle (npm)
The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in rstreams-shard-util (npm)
The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-streams (npm)
The leo-streams npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-aws (npm)
The leo-aws npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-cli (npm)
The leo-cli npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-connector-mysql (npm)
The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-cdk-lib (npm)
The leo-cdk-lib npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-connector-redshift (npm)
The leo-connector-redshift npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-logger (npm)
The leo-logger npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...