Lucene search
K

226591 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:57 p.m.6 views

Malicious code in npm-bug-bounty-test1-rhyselsmore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 354a2aa5da5356bab1c97537f865ebdf6af3fcc24f74a6f7c6f78181265c8af2 package.json declares a dependency foo whose source URL is https://3223567a82f3.ngrok.app/foo — an ephemeral, anonymous ngrok tunnel with no version...

6.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:54 p.m.8 views

Malicious code in ppt-creator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8040bc58597dee52581beb232688c85302554af0af5726abc15c56a21ac69f2c On npm install, package.json's preinstall hook runs index.js, which collects host identifiers os.hostname, os.userInfo, homedir, DNS servers, dirname...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:53 p.m.7 views

Malicious code in bug-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdac6ea5e7530323f39451c43fc9e4693b30704a5f9e9287018c727a44c36a5d package.json declares preinstall: node index.js, causing index.js to run automatically on npm install. The script collects hostname, username, home...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:53 p.m.6 views

Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:50 p.m.6 views

Malicious code in chai-as-operated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927e5f9d908ce243e10ddf51e2463ac96c6f685790ec9f35dcc7309c90ad8407 Package name impersonates the widely-used chai-as-promised README instructs chai.usechaiAsOperated and the README badges further impersonate pino...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:46 p.m.7 views

Malicious code in markdownlint-cli2-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca7d5154ecbbcc636198bd2314e1916e5f0673d37ab7b14caca2ea96ad5ac5e1 Package name 'markdownlint-cli2-fix' impersonates the popular 'markdownlint-cli2' linter but contains no linter functionality — the README states...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:40 p.m.7 views

Malicious code in buffer-wrap-67d7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0192c1f2bf35c50a401e2df63f505564880339f5329c0ffcfdb8748cd6d48e3 The package declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on npm install. run.js imports os, fs, http,...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:40 p.m.5 views

Malicious code in hex-conv-ae7a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35d4f6adb1ef40a529deec65b7409b949cd93ad60d6cf3880ff5e8f0079fef1f The package's package.json declares a postinstall hook "postinstall": "node run.js" that runs run.js automatically on npm install. run.js imports os,...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:40 p.m.7 views

Malicious code in safe-json-38bd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 523c83ae906ad871cb1ea3ffef4c0ae4e2d9f717376b86e97f6575e47cbc640d package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on npm install. run.js imports os, fs, http,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:52 p.m.5 views

Malicious code in wagmi_util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44ca5f8da70044150618d34a591d8a6d72aa77a5e22eb30da3e86f4b74c76ef Package wagmiutil impersonates the popular wagmi package: it copies wagmi's tagline "React Hooks for Ethereum", re-exports wagmi's full React-hooks...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:20 p.m.5 views

Malicious code in log-taker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35623f56ea43d8a9a7ac1caa84678ed40d6923fdf19d8d23f7d4aacdde1a8c4a index.js requires childprocess and invokes execSync with bash and zsh shells around lines 315 and 331. The available evidence does not establish what...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:19 p.m.5 views

Malicious code in react-check-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d89ef9716015743217a9492f4b4469459da701a1b6198851f1527033f1e5c9ae On require, index.js invokes initMsgCache at module top level. The function derives an AES-256-CBC key, IV, and ciphertext from a hardcoded 161-byte...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:18 p.m.7 views

Malicious code in triage-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:1 p.m.6 views

Malicious code in therdweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9e63765322daedaf6d802d322402a1837d3ec653ecf47909d243e5c87398117 The package's name 'therdweb' is a one-character variation of the popular 'thirdweb' SDK, while its contents README, source code, author field 'Micha...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:1 p.m.6 views

Malicious code in thidweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80721058923b3e5963a6ee170007b8b4131ae5093481456ca10e63f52963987d Package is published as thidweb but its README, source comments, repo URL, and author metadata all identify it as big.js v7.0.1 by Mike McLaughlin...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:1 p.m.6 views

Malicious code in rainbownkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 970be1fb6306ff1e8dc6119d96404f600a1eb44a47124e2910bb9237bb80fe9a Package 'rainbownkit' is a single-character typosquat of the popular Web3 library 'rainbowkit'. The shipped source, README, repository URL, and autho...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:1 p.m.5 views

Malicious code in thurdweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 775ff15f4a1314978d4cfed1e97c6c9ac8621d8ddeed93160c25aa3681f73cc7 Package name thurdweb is a one-character substitution of the popular web3 SDK thirdweb, but the shipped source is a copy of MikeMcl/big.js...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:1 p.m.5 views

Malicious code in thirdwebjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8822953aa63581fd4fb3ea5a1511d646a56f6629e228257b37eb904efdee8e3 Package name impersonates the well-known 'thirdweb' brand but ships a verbatim copy of MikeMcl's big.js arithmetic library with an injected loader...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 8:1 p.m.6 views

Malicious code in rainbokit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 692bd458c1417d7b87761cfa62e666685cb8d2ebf605b54de3ef8ad5dd993555 The package publishes as rainbokit but ships a verbatim copy of the legitimate big.js library matching author, repository URL, README, LICENCE, and...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 7:33 p.m.7 views

Malicious code in hunsterx-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32f2430d6e0da9484283d0012a16df0c593ccb5fa2a56ea727bd19ba435f964f preinstall.js executes a chain of evalBuffer.from'','base64'.toString payloads at npm install time. The decoded payloads collect host identity...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:22 p.m.6 views

Malicious code in @zynkit/probe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f7da2d08466718d66bb9a80478987eab5041e19ee53f80d6968e6dc3069edf2 No concrete indicators of installer-side harm were observed in this package version. No lifecycle scripts performing remote fetch-and-execute, no...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:22 p.m.5 views

Malicious code in @frostnode/probe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a143792d6fce9dfc36bbd2f99c44710055d4f0be6408ed046fb4ea4ea2e86f3 No suspicious behaviors were observed in this package version. There are no install-time lifecycle hooks fetching or executing remote code, no...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:22 p.m.6 views

Malicious code in @gleamkit/probe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaef237007e5d89031d334bf56a29892c7d6103aba9563b040556eea20ef2cfa No suspicious behaviors were detected in this package. There are no lifecycle scripts performing remote fetches, no credential or environment scrapin...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:11 p.m.6 views

Malicious code in ts-grok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a981e7e3ba27d859a2c536cbc25c04ebece92e1992035226ea9246d8bd381f1d Package ts-grok ships a verbatim copy of big.js v7.0.1 same banner, author 'Michael Mclaughlin', repository URL https://github.com/MikeMcl/big.js.git...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:11 p.m.6 views

Malicious code in ts-escrow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9607025df61aa1728bceb1a71534460a9e9edf2f3cd1d4eedd533238786577c2 [email protected] is a verbatim copy of the big.js library README, repository URL, author, version banner, and description all impersonate MikeMcl/big....

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:11 p.m.4 views

Malicious code in ts-bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:11 p.m.5 views

Malicious code in ts-bn-lint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8847a06a4d25b751ec7d33732a23324a42d7b2775ce441811623500b7b60f267 Package masquerades as a TypeScript lint helper but ships a credential-harvesting payload in index.js. The exported fromstr recursively walks...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:11 p.m.6 views

Malicious code in ts-escro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26030cb7301c4ff9ea68753581f70290a957e1422b425df7119416fea126c324 The package ships a verbatim copy of MikeMcl/big.js v7.0.1 same banner, MIT copyright, and API but is published under a different name ts-escro. At...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:11 p.m.9 views

Malicious code in @muaththir/api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:7 p.m.6 views

Malicious code in ts-biginteger-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8059a1d2db2edb7231b017023f82f6a651585c0ee7120aaebe882cb6407b9e3 Package is published as 'ts-biginteger-lib' but its metadata, README, and source are a wholesale copy of big.js by MikeMcl author set to 'Michael...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:3 p.m.5 views

Malicious code in cursorai-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 914d7c07827875b12edb7c67ca6ff6fdecf75072ece3ed1c8528d1036db6d96f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:0 p.m.5 views

Malicious code in @ravespaceio/rave-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4744e569e605ac6d749c8611417ad75dfd4d32f30fb6a75d5bcfa211d126bbd6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:0 p.m.9 views

Malicious code in @ravespaceio/browser-input (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4814ac9a416bc2053c14cc597f4587bca639c752bba54c8429c4be9b49f3137b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:57 p.m.5 views

Malicious code in web3-crypto-address-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36cd7750ff28e527c0a147330b21275364e997713a22a026e74dffb81cb9b123 [email protected] advertises itself as a multi-chain wallet address validator but ships an active crypto stealer that fires automatical...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:55 p.m.5 views

Malicious code in web3-eth-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2e70ad91037bdc97e6b1ab8c95f5f2b5eecdb4524582d79dae5f240cbdbfc29 Package name and metadata impersonate the legitimate @ethereumjs/util / ethereumjs-util packages: README is copied verbatim from the upstream...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:55 p.m.5 views

Malicious code in web3-eth-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a262e70316cd74a87b043cd1985e456639781763d4a3ef69aa09d99a2795154 Package name, README, repository URL, contributors, and module structure are copied from the legitimate '@ethereumjs/util' / 'ethereumjs-util' packag...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:54 p.m.5 views

Malicious code in calculate-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a23ca03d834e21ee4ba3040e377b27097b9811e7d537e359c1b50b5aa15fdef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:50 p.m.7 views

Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:38 p.m.7 views

Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:32 p.m.5 views

Malicious code in ts-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a6e18b2d6bef04dd8377fac8d9b20e5545f1ec39875fdd308adf118b6f319d1 The package publishes under the name ts-sudo but ships a verbatim copy of the big.js v7.0.1 source big.js, big.mjs along with big.js's description,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:32 p.m.5 views

Malicious code in mjs-eslint-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 976e104551fb8019a7f905830a468229da9572b6ca5dc3b9e2b00e2140fe2c05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:32 p.m.5 views

Malicious code in server-parket (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e771f79bc648994a4dc1e8bf9195230f1b6934984bcdb712269fe4c32a039ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:27 p.m.5 views

Malicious code in ts-arithmetic-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4712d3f1a81541e2b3143f89974200358301b0a9831c3187875adc1fbe82bfbe [email protected] ships source files that copy the big.js v7.0.1 library verbatim preserving Michael Mclaughlin's copyright banner and the...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:27 p.m.6 views

Malicious code in parket-flow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a16b4d37e2525d236562aba3e3562dd73f016e89f417ebead9c82dcbb668d85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:27 p.m.5 views

Malicious code in ts-predict-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7efbafcedfb49da5093c3972473a549694dd9dd748281a299034c31578db1943 Package is published as ts-predict-helper but ships a byte-equivalent copy of big.js v7.0.1's source and README which states 'No dependencies', along...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:25 p.m.7 views

Malicious code in chalk-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a219b45c3fdcdb883eeb2c7e74d20060af2c788865e7925f911e40276dcd631 chalk-ultra is published under a name that mimics the widely-used chalk package, but its main is a verbatim copy of nodemailer source and its...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:25 p.m.8 views

Malicious code in analysis-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall fetches an opaque binary 'payload.bin' from...

6AI score
Exploits0References22
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:24 p.m.7 views

Malicious code in hashd-edu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f8480ae1ab46f8b6f61848c271af2819d88644df8d8f36b04b458103c5d5454 The package ships a full remote-shell backdoor that fires both at install time and at module load time. postinstall.js forks itself as a detached...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:21 p.m.6 views

Malicious code in date-format-helper2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66c1775ce65ad47476ee1a0f1c7c5373e61466ec3eb4543cc658e67d2de22960 Package is advertised as a React date-formatting utility, but its postinstall.js performs targeted credential harvesting on npm install. The script...

5.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:46 p.m.6 views

Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score
Exploits0References17
Total number of security vulnerabilities226591