226591 matches found
Malicious code in npm-bug-bounty-test1-rhyselsmore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 354a2aa5da5356bab1c97537f865ebdf6af3fcc24f74a6f7c6f78181265c8af2 package.json declares a dependency foo whose source URL is https://3223567a82f3.ngrok.app/foo — an ephemeral, anonymous ngrok tunnel with no version...
Malicious code in ppt-creator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8040bc58597dee52581beb232688c85302554af0af5726abc15c56a21ac69f2c On npm install, package.json's preinstall hook runs index.js, which collects host identifiers os.hostname, os.userInfo, homedir, DNS servers, dirname...
Malicious code in bug-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdac6ea5e7530323f39451c43fc9e4693b30704a5f9e9287018c727a44c36a5d package.json declares preinstall: node index.js, causing index.js to run automatically on npm install. The script collects hostname, username, home...
Malicious code in theme-color-picker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...
Malicious code in chai-as-operated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927e5f9d908ce243e10ddf51e2463ac96c6f685790ec9f35dcc7309c90ad8407 Package name impersonates the widely-used chai-as-promised README instructs chai.usechaiAsOperated and the README badges further impersonate pino...
Malicious code in markdownlint-cli2-fix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca7d5154ecbbcc636198bd2314e1916e5f0673d37ab7b14caca2ea96ad5ac5e1 Package name 'markdownlint-cli2-fix' impersonates the popular 'markdownlint-cli2' linter but contains no linter functionality — the README states...
Malicious code in buffer-wrap-67d7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0192c1f2bf35c50a401e2df63f505564880339f5329c0ffcfdb8748cd6d48e3 The package declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on npm install. run.js imports os, fs, http,...
Malicious code in hex-conv-ae7a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35d4f6adb1ef40a529deec65b7409b949cd93ad60d6cf3880ff5e8f0079fef1f The package's package.json declares a postinstall hook "postinstall": "node run.js" that runs run.js automatically on npm install. run.js imports os,...
Malicious code in safe-json-38bd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 523c83ae906ad871cb1ea3ffef4c0ae4e2d9f717376b86e97f6575e47cbc640d package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on npm install. run.js imports os, fs, http,...
Malicious code in wagmi_util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44ca5f8da70044150618d34a591d8a6d72aa77a5e22eb30da3e86f4b74c76ef Package wagmiutil impersonates the popular wagmi package: it copies wagmi's tagline "React Hooks for Ethereum", re-exports wagmi's full React-hooks...
Malicious code in log-taker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35623f56ea43d8a9a7ac1caa84678ed40d6923fdf19d8d23f7d4aacdde1a8c4a index.js requires childprocess and invokes execSync with bash and zsh shells around lines 315 and 331. The available evidence does not establish what...
Malicious code in react-check-error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d89ef9716015743217a9492f4b4469459da701a1b6198851f1527033f1e5c9ae On require, index.js invokes initMsgCache at module top level. The function derives an AES-256-CBC key, IV, and ciphertext from a hardcoded 161-byte...
Malicious code in triage-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...
Malicious code in therdweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9e63765322daedaf6d802d322402a1837d3ec653ecf47909d243e5c87398117 The package's name 'therdweb' is a one-character variation of the popular 'thirdweb' SDK, while its contents README, source code, author field 'Micha...
Malicious code in thidweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80721058923b3e5963a6ee170007b8b4131ae5093481456ca10e63f52963987d Package is published as thidweb but its README, source comments, repo URL, and author metadata all identify it as big.js v7.0.1 by Mike McLaughlin...
Malicious code in rainbownkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 970be1fb6306ff1e8dc6119d96404f600a1eb44a47124e2910bb9237bb80fe9a Package 'rainbownkit' is a single-character typosquat of the popular Web3 library 'rainbowkit'. The shipped source, README, repository URL, and autho...
Malicious code in thurdweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 775ff15f4a1314978d4cfed1e97c6c9ac8621d8ddeed93160c25aa3681f73cc7 Package name thurdweb is a one-character substitution of the popular web3 SDK thirdweb, but the shipped source is a copy of MikeMcl/big.js...
Malicious code in thirdwebjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8822953aa63581fd4fb3ea5a1511d646a56f6629e228257b37eb904efdee8e3 Package name impersonates the well-known 'thirdweb' brand but ships a verbatim copy of MikeMcl's big.js arithmetic library with an injected loader...
Malicious code in rainbokit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 692bd458c1417d7b87761cfa62e666685cb8d2ebf605b54de3ef8ad5dd993555 The package publishes as rainbokit but ships a verbatim copy of the legitimate big.js library matching author, repository URL, README, LICENCE, and...
Malicious code in hunsterx-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32f2430d6e0da9484283d0012a16df0c593ccb5fa2a56ea727bd19ba435f964f preinstall.js executes a chain of evalBuffer.from'','base64'.toString payloads at npm install time. The decoded payloads collect host identity...
Malicious code in @zynkit/probe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f7da2d08466718d66bb9a80478987eab5041e19ee53f80d6968e6dc3069edf2 No concrete indicators of installer-side harm were observed in this package version. No lifecycle scripts performing remote fetch-and-execute, no...
Malicious code in @frostnode/probe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a143792d6fce9dfc36bbd2f99c44710055d4f0be6408ed046fb4ea4ea2e86f3 No suspicious behaviors were observed in this package version. There are no install-time lifecycle hooks fetching or executing remote code, no...
Malicious code in @gleamkit/probe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaef237007e5d89031d334bf56a29892c7d6103aba9563b040556eea20ef2cfa No suspicious behaviors were detected in this package. There are no lifecycle scripts performing remote fetches, no credential or environment scrapin...
Malicious code in ts-grok (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a981e7e3ba27d859a2c536cbc25c04ebece92e1992035226ea9246d8bd381f1d Package ts-grok ships a verbatim copy of big.js v7.0.1 same banner, author 'Michael Mclaughlin', repository URL https://github.com/MikeMcl/big.js.git...
Malicious code in ts-escrow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9607025df61aa1728bceb1a71534460a9e9edf2f3cd1d4eedd533238786577c2 [email protected] is a verbatim copy of the big.js library README, repository URL, author, version banner, and description all impersonate MikeMcl/big....
Malicious code in ts-bn-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...
Malicious code in ts-bn-lint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8847a06a4d25b751ec7d33732a23324a42d7b2775ce441811623500b7b60f267 Package masquerades as a TypeScript lint helper but ships a credential-harvesting payload in index.js. The exported fromstr recursively walks...
Malicious code in ts-escro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26030cb7301c4ff9ea68753581f70290a957e1422b425df7119416fea126c324 The package ships a verbatim copy of MikeMcl/big.js v7.0.1 same banner, MIT copyright, and API but is published under a different name ts-escro. At...
Malicious code in @muaththir/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...
Malicious code in ts-biginteger-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8059a1d2db2edb7231b017023f82f6a651585c0ee7120aaebe882cb6407b9e3 Package is published as 'ts-biginteger-lib' but its metadata, README, and source are a wholesale copy of big.js by MikeMcl author set to 'Michael...
Malicious code in cursorai-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 914d7c07827875b12edb7c67ca6ff6fdecf75072ece3ed1c8528d1036db6d96f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ravespaceio/rave-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4744e569e605ac6d749c8611417ad75dfd4d32f30fb6a75d5bcfa211d126bbd6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ravespaceio/browser-input (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4814ac9a416bc2053c14cc597f4587bca639c752bba54c8429c4be9b49f3137b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in web3-crypto-address-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36cd7750ff28e527c0a147330b21275364e997713a22a026e74dffb81cb9b123 [email protected] advertises itself as a multi-chain wallet address validator but ships an active crypto stealer that fires automatical...
Malicious code in web3-eth-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2e70ad91037bdc97e6b1ab8c95f5f2b5eecdb4524582d79dae5f240cbdbfc29 Package name and metadata impersonate the legitimate @ethereumjs/util / ethereumjs-util packages: README is copied verbatim from the upstream...
Malicious code in web3-eth-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a262e70316cd74a87b043cd1985e456639781763d4a3ef69aa09d99a2795154 Package name, README, repository URL, contributors, and module structure are copied from the legitimate '@ethereumjs/util' / 'ethereumjs-util' packag...
Malicious code in calculate-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a23ca03d834e21ee4ba3040e377b27097b9811e7d537e359c1b50b5aa15fdef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in security-alerts-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...
Malicious code in sync-external (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...
Malicious code in ts-sudo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a6e18b2d6bef04dd8377fac8d9b20e5545f1ec39875fdd308adf118b6f319d1 The package publishes under the name ts-sudo but ships a verbatim copy of the big.js v7.0.1 source big.js, big.mjs along with big.js's description,...
Malicious code in mjs-eslint-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 976e104551fb8019a7f905830a468229da9572b6ca5dc3b9e2b00e2140fe2c05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in server-parket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e771f79bc648994a4dc1e8bf9195230f1b6934984bcdb712269fe4c32a039ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-arithmetic-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4712d3f1a81541e2b3143f89974200358301b0a9831c3187875adc1fbe82bfbe [email protected] ships source files that copy the big.js v7.0.1 library verbatim preserving Michael Mclaughlin's copyright banner and the...
Malicious code in parket-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a16b4d37e2525d236562aba3e3562dd73f016e89f417ebead9c82dcbb668d85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-predict-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7efbafcedfb49da5093c3972473a549694dd9dd748281a299034c31578db1943 Package is published as ts-predict-helper but ships a byte-equivalent copy of big.js v7.0.1's source and README which states 'No dependencies', along...
Malicious code in chalk-ultra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a219b45c3fdcdb883eeb2c7e74d20060af2c788865e7925f911e40276dcd631 chalk-ultra is published under a name that mimics the widely-used chalk package, but its main is a verbatim copy of nodemailer source and its...
Malicious code in analysis-chart (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall fetches an opaque binary 'payload.bin' from...
Malicious code in hashd-edu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f8480ae1ab46f8b6f61848c271af2819d88644df8d8f36b04b458103c5d5454 The package ships a full remote-shell backdoor that fires both at install time and at module load time. postinstall.js forks itself as a detached...
Malicious code in date-format-helper2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66c1775ce65ad47476ee1a0f1c7c5373e61466ec3eb4543cc658e67d2de22960 Package is advertised as a React date-formatting utility, but its postinstall.js performs targeted credential harvesting on npm install. The script...
Malicious code in react-simple-utils-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...