226591 matches found
Malicious code in @mastra/auth-supabase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14102667ef60137027e1ac57d1c6087be895f088ff27d2691a8f462081413c27 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/auth-clerk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 836a9291dccdd82ae71bccced418a098d402b9bca24d98a3750a2608f8c12447 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/koa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8dd39253d95966dbc6f4cdf9ad6f910e67502b6df405fa824848e6e95d2b4b7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7375ba72b0d9da5bf4d20ab526cb654b97310e39965bea22eb5d3d0557961d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/nestjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ff9cf8537a90fe445a7a532e389208ae28ceae1f282395e973ba25ae28aacda Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/memory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92f78b0ff07c91489b166d3ba2d6d7405f35c26a8ba156d4f920d5595c3d0f67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/client-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22551bc03157cad1fefb8af44f3b14c9fe9e892c083eb904e512007015e72f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb94d4509745d002f2de634d4e8b797f831d24b13fa6dae2f41d67ce6441eba9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in create-mastra (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12df16ee90f6c59f31e4b0b71f2dbf3a0b046e17ecae5e13399b69fec9f3c563 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/deployer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd99dea462f2f28099ae0f57cd6c89edd76f08476cd9a6265b1c23defcd2b23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e8680eac7ec33969a40c073263f4306e4bcd6317a6b4fae468d8bedec10397c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in metrics-probe-64b2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...
Malicious code in metrics-probe-77d4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d079b30dbb30db1a61acddcd094d2e7e67e7ef466d624e4ad2392edc9d9203e On install, package.json runs postinstall: node run.js. run.js imports os, fs, http, https, and childprocess and at runtime collects host identifiers...
Malicious code in metrics-probe-dc85 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932 On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http,...
Malicious code in pkg-telemetry-r4f9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...
Malicious code in runtime-metrics-w7k2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...
Malicious code in npm-sandbox-ping-r9t2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335649d395a44d7de1bc6343dbce1f0459414ef92ab149413a86b47e28f3c7c3 package.json declares a postinstall hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon14.js,...
Malicious code in gpu-accelerator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab0d6b253674f5eef505fbffb76003d2071569fd9d8abdf8993197738bb27759 The package advertises itself as a PostCSS plugin for CSS hardware-acceleration hints, but its only legitimate behavior is a 3-line walkDecls that ad...
Malicious code in canary-ci-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a572fd7ffa39ecc1ba62c71d1dfe31722bfbe0c4118b7ab8400c1d5f4a61ba0f On npm install, the package's postinstall lifecycle script postinstall.js collects installer-side host identifiers — os.hostname, os.userInfo.usernam...
Malicious code in nepublisher (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc0d0609f88630f7ce36adf18c70a1d6bd3d64aaaa059a3b8ec9b97b813705a On npm install, lib/init.js spawns a detached Node child process that collects host identifiers hostname, username, cwd, IPv4 addresses, Node version...
Malicious code in ts-webplug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a205cee3f545c9dd5083055f8dad50c5e131603bf50d37bbb3f7ef5a744d88f [email protected] impersonates the pino logger exports named pino, lib/ tree mirroring pino's file layout, keywords fast/logger/stream/json but its ma...
Malicious code in params-valid-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 397af72237ba3626ac4727497662530f602c2ce6ec71406f48b508055687366c The package presents itself as 'Simplified HTTP request client' and copies identity metadata from Mikeal Rogers' legitimate request package bugs URL...
Malicious code in tobihook (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c093ec7049ebbe26ca860033bc1fd81ad98f4f586b66fc68170e1ff81ae90bb The package masquerades as an HTTP helper functions named post/get/fetch, module comment ' request/init.py', and an unused requests dependency but ea...
Malicious code in node-path-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 180db640dc8207694eb4629834f74b740d7efc9febf26067d190e10656fe04e9 Package name node-path-utils and its README/description claim it is 'an exact copy of the NodeJS path module', impersonating the Node.js core path...
Malicious code in req-parmas-valid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063b7e2667c434784d0b5d2ce333ea700fbc17571da3f5f4fc7d0f03ac406bd0 Package name req-parmas-valid impersonates the well-known request HTTP client description copied verbatim as 'Simplified HTTP request client.',...
Malicious code in sheratan_test_p (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472354ac3cd0bba5d399eea2f09e4b7f60cb2cb65e20d4af0f6398882403f566 On npm install, the package's postinstall.js executes whoami via childprocess and POSTs the output along with stderr, error, and a timestamp to a...
Malicious code in pathfix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...
Malicious code in ogd-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1df5f4bdd6e2f58ff581cbad0d01738b5f6464794ace1a9fa95eea061a5bb7d5 package.json declares a preinstall lifecycle script that runs automatically during npm install. The script executes hostname, whoami, and pwd, then...
Malicious code in classbreeze-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...
Malicious code in easy-day-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8602a5a154b50bb6351900a08fa45d7814c0f152e4379dcae53ccfa0b83db891 Package name 'easy-day-js' impersonates the popular 'dayjs' library, copying dayjs's author 'iamkun', homepage https://day.js.org, repository URL,...
Malicious code in @public-for-cdao/hooks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8611956b7ad849ba2a98285fa33897da931deb28e74f30bc8a6299d567852c51 The OpenSSF Package Analysis project identified '@public-for-cdao/hooks' @ 99.99.99 npm as malicious. It is considered malicious because: - The...
Malicious code in cryptodao-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21c450a1d14c10213b83137f9c0670a9d8ed953105f96d66eedee78a56479d82 Package is published as version 99.99.99 to win private-vs-public resolution against an internal cryptodao-contracts namespace. The package's main...
Malicious code in cryptodao-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44bcbcde72a12ed60b3d16200226faa40f1e7e66c6ac36776710f2a0a3fec9a7 package.json declares a postinstall hook that runs recon.js on every npm install. recon.js harvests installer-side secrets — AWSSECRETACCESSKEY,...
Malicious code in cryptodao-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cecefbb2ee777ab552f12fef0eab9af65f0a6c79f8a75a90f3df495a6746ec4a On npm install, the package's postinstall hook executes recon.js, which harvests installer-side data and POSTs it to attacker-controlled endpoints...
Malicious code in cryptodao-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97e08a5a6fa93f0080d53371f566846f4258ed5e50479f43b9fc10c7a9716410 package.json declares postinstall: node recon.js, which runs automatically on every npm install. recon.js harvests host information and a curated lis...
Malicious code in cryptodao-signer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce8426b1d9dc5bde6547b58a21f2d3b519e56f7c2f948aa7e2173261532cee7 On npm install, the package's postinstall hook executes recon.js, which enumerates a hardcoded list of credential-bearing environment variables...
Malicious code in cryptodao-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5323b2fc30e7603b402729f45345a9c3eb4af8361acaca5d035cc51f9e660cea package.json declares postinstall: node recon.js, which fires automatically on npm install. recon.js enumerates installer-side secrets —...
Malicious code in cryptodao-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b5f3b7ec6eecce3d891664f33660a1c612cdd3c6ac99ba52633ef77a2df543c On npm install, the postinstall hook runs node recon.js, which harvests installer-side secrets and POSTs them over HTTPS with TLS certificate...
Malicious code in cryptodao-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39fca1d76ba65e01fbd3319d6752bb0dc896f9cc356676c6bfad3671d8b1e0d9 On npm install, the package's postinstall script recon.js harvests installer-side secrets and POSTs them to attacker-controlled webhook endpoints. Th...
Malicious code in cryptodao-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbe5f8614a264a8d3cdd2ecf8ecd2ad17292dbb5c5bcc25d0ae9d77eb8821df package.json declares postinstall: node recon.js, which auto-runs on npm install. recon.js lines 30-46 scrapes a curated list of credential-bearing...
Malicious code in cryptodao-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03ac58e81310f19b32d136445eab91f7ddc776921ff8dfd08bdb91bcdd4a1da6 [email protected] ships a postinstall script recon.js that runs automatically on npm install and harvests installer-side secrets. The script...
Malicious code in @mastra/posthog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68c0b320aa1f49ebdcdd16447b0ac3174bb2a81f46bca2740ca6eaca20f1accd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/clickhouse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0340e0357954273b020b5db0242f8b065276aef9e697fd85f0598bea219abdf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/inngest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19cbcd15c5712e6186e7c33eada48faba79b19ad02868c2c8d79e9c61adfd33f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/braintrust (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2053fb9cbf539ca50f9ce53f20fac40663f16416632b0a568c985ace7e2b750d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/rag (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9608d74e59d524d1052f6b05c8fba2b9d181452f28a012785eb80cb6764abe3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/mongodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e3fd453d8d4b3cf403d6d1445b295c8de0462a463c857388fb6c800c7c897cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/mcp-docs-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fc99cf0a492f130a49e5c8590c8e66a4eeb3066d10fcf2907c39289f3b9de4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/langsmith (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc3531517e5f0ee78107712a4c4a8f98578c0234f26ef2f1f532fd45eb37e3f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...