226591 matches found
Malicious code in n8n-nodes-security-test-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa97d4701c29ef5305fa5b553ab560abd6db6cc33b72f99dc11621997b668f32 Package presents as an n8n community node but is an attack artifact. The node's execute in dist/SecurityTestNode.node.js queries AWS IMDSv1/v2...
Malicious code in lab-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4acaa72e3c14b79785540c878cb48f7a0cdc238d20ac9cebd6ffdd42061f6e7b On npm install, the package's preinstall lifecycle script node.js collects host identifiers from the installing machine — hostname, public IP resolve...
Malicious code in scan-only (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...
Malicious code in swift-parse-stream (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab8561c6c561b045d817d4fab3aa0754ce7cd767a3c5ec07b95151dda6b92c8 swift-parse-stream advertises itself as an SVG sanitizer/minifier but ships an undocumented getPlugin export in index.js that, when invoked, performs...
Malicious code in quirky-token (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...
Malicious code in sodel-pych (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95b8b8f54c9c2a4fa965e4a7fe7ea9c8f8ef1b5bcdd4cc1da7354d0ce2e8842f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sort-btree (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c3b0d783c53decf1a240f02276991c7c00a8b72f0d3988a7e86be90464da38d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ignacionunez91/keccak24 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfec04815826725073e7a7203430d9019237923470f56874242b4f0c86a1ba91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in qrcode-generator-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2e3780245e75cd7c6d52efe4281c744dcfd740224d1d53a22228fb702a193e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in express-validates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 664bb6a50d7278e22231a68d44872634603c698fff31d31e787c86a3291603db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in qrcode-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b22e1bf641d5ee5ced5547dd7cdd0f0e6a3525bf029dc3f276e85bb3a013019 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tailwindcss-animates-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7250854be2f2ab8b43e62611a704a3c31d3f42180356e61955b4fc30fd2bcf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in datapersistence-steppers-ai (npm)
The npm package datapersistence-steppers-ai published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registe...
Malicious code in enzyme-optimization-bluetooth (npm)
The npm package enzyme-optimization-bluetooth published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in platformspecific-webgl (npm)
The npm package platformspecific-webgl published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in interaction-photos-infinitescroll (npm)
The npm package interaction-photos-infinitescroll published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in custom-save-area-block (npm)
The npm package custom-save-area-block published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in datapersistence-profiling (npm)
The npm package datapersistence-profiling published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in ios-save-area-custom (npm)
The npm package ios-save-area-custom published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in personal-custom-button (npm)
The npm package personal-custom-button published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in analytics-readability-gestures (npm)
The npm package analytics-readability-gestures published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in request-tracking-sqlite (npm)
The npm package request-tracking-sqlite published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in dropdown-thread (npm)
The npm package dropdown-thread published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in jest-macos (npm)
The npm package jest-macos published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in framerate-interaction-permissions (npm)
The npm package framerate-interaction-permissions published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in flexbox-oauth-machinelearning (npm)
The npm package flexbox-oauth-machinelearning published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in macos-contentprovider-optimizingassets (npm)
The npm package macos-contentprovider-optimizingassets published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount...
Malicious code in streaming-downloads (npm)
The npm package streaming-downloads published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in virtualization-compression-collapse (npm)
The npm package virtualization-compression-collapse published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in pushnotifications-gesturerecognition (npm)
The npm package pushnotifications-gesturerecognition published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount i...
Malicious code in buildautomation-touch (npm)
The npm package buildautomation-touch published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in lazyloading-haptics (npm)
The npm package lazyloading-haptics published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in notificationcenter-enzyme-jest (npm)
The npm package notificationcenter-enzyme-jest published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in font-picker-responsive (npm)
The npm package font-picker-responsive published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in touchid-images (npm)
The npm package touchid-images published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in designsystem-vector (npm)
The npm package designsystem-vector published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in async-protobuf-av (npm)
The npm package async-protobuf-av published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in userinterface-machinelearning (npm)
The npm package userinterface-machinelearning published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in onesignal-hooks (npm)
The npm package onesignal-hooks published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in barcodescanner-reconnect (npm)
The npm package barcodescanner-reconnect published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in documents-widgets (npm)
The npm package documents-widgets published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in expandingcards-socket-virtualization (npm)
The npm package expandingcards-socket-virtualization published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount i...
Malicious code in accordion-animationtiming-authorization (npm)
The npm package accordion-animationtiming-authorization published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component moun...
Malicious code in request-performance (npm)
The npm package request-performance published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in actionbars-infinitescroll-searchbar (npm)
The npm package actionbars-infinitescroll-searchbar published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in profiling-keychain (npm)
The npm package profiling-keychain published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in firebase-readability (npm)
The npm package firebase-readability published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in socket-network (npm)
The npm package socket-network published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
Malicious code in backgroundprocessing-contextmenus (npm)
The npm package backgroundprocessing-contextmenus published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
Malicious code in @mastra/node-speaker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 533edd2cc182364fb414aafe6f23015108d4464e3b5f929baf0360e271ec5f0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...