226511 matches found
Malicious code in debugcli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dd4fa31ed29d493ac05d6ec17a90f51fe68008b674268e1751c4b25792703b8d The OpenSSF Package Analysis project identified 'debugcli' @ 4.3.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in typescript-util-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f5a6bd9cf4dfc55c5c01859852cf26435e42d4b846384d08b80b7d609b27ad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-node-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 938793019b03ce033ae241aa80d0515a4d42d2580298f1d0fcf8627176e9b160 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in web-api-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ca2f8dce9e845346901818eadd06a0cda318c99ac3e059cd076d9f4065e2c17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in api-ts-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 641c2e8873a175e838cb215cabf680efdb6514c526d920992781fd16201b3adb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in api-node-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ac5b00d553b256f998ea13be45b7f41a939f85e3c272bf24fd91ad6747c6266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in alder_morrgan (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96468d16380fb68b99823735be418b7393216e068ce91f6aa31f2e1305d9d4d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @node-cloud/create (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20ec89db74ea284a2817fd9ef23bc86cfdca225534dfa9a19adff462186a8910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @lodash-en/lodash-en (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in decode-sdks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 645d703f4bbd5a7aedaa60a60b7d20af253d4da8efaf82cbac3520a8f21d67b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @jacobtan/decode-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in epic-internal-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8e96ac07cfb3a5132ff46542a6feca17f9b907b20596d713cd89063840ff2b47 The OpenSSF Package Analysis project identified 'epic-internal-tools' @ 99999.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in horde-python-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad72fe1fdc56e7fb5716a906fb8481bfe1e477d2f97c649d5db853a79130628a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in epic-build-scripts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 93043b3f00a64c66fb0680256387471b656f222556c282c9cb1680347f14fae8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in ue-python-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9494382fb3885f95987ec830f096aac6cde589cac9485b6a347bafed9a8a7e39 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in unreal-mladapter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b8b4f17043a9c57ea2087c59c771151186c117ab64cbf5c45df85df62469aa89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in ue-automation-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 312f2d385743023503ed2c86bab1361eff17db32aa8a33d6d4da0015b3650095 The OpenSSF Package Analysis project identified 'ue-automation-scripts' @ 99999.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in robomerge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 55684448bbccf72279c32f468fcfcb8a65500ffd2fe3807aec3e34bfc381a773 The OpenSSF Package Analysis project identified 'robomerge' @ 99999.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in unreal-horde-dashboard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5e9b87fe74bfc9ebca4a6385b3038cd8a3b5d9907b02772377ed3383318578e4 The OpenSSF Package Analysis project identified 'unreal-horde-dashboard' @ 99999.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in ue-jenkins-buildkite (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a67a3300cb2357e9661889459167d34c43be7925bd3d476d3a08588d9a907b59 The OpenSSF Package Analysis project identified 'ue-jenkins-buildkite' @ 99999.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in @checkrhq/adjudication-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dc8d5c39d401d053978bb8f17234bc79db730d15b55634319f239baf32dc9b0b The OpenSSF Package Analysis project identified '@checkrhq/adjudication-api-client' @ 0.0.2 npm as malicious. It is considered malicious because...
Malicious code in dt-validator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0fc0256380d811cdce05ffa9c3644a5f7e4ebd6f7acfce0f955935b42449b17a Code contains a function to execute remote code, which at the time of analysis was extracting the "authuser" table from Django DB. The remote code execution is...
Malicious code in tailwind-animates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 976a38db77a7958d63f884cc2b09a6a7bf725deb719d632d7442e39503b43fb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in db-convertor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 325a83367699f226bf706d6847891a07256202cb73998bc9866eb485132d2a2a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @modhamanish/rn-mm-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c807ecdca1e37cf87858d2f1a8a53f187c8a3059dcf4b2a94acbc81fbf2c374a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @marketfront/blenderdevtool (npm)
The @marketfront/blenderdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/fashiononboardingpopup (npm)
The @marketfront/fashiononboardingpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0...
Malicious code in @marketfront/footer (npm)
The @marketfront/footer package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/basemarkettemplate (npm)
The @marketfront/basemarkettemplate package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...
Malicious code in @marketfront/captchaservice (npm)
The @marketfront/captchaservice package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/errorcounter (npm)
The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/actualordersnippetpopup (npm)
The @marketfront/actualordersnippetpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0...
Malicious code in @marketfront/bannerpopup (npm)
The @marketfront/bannerpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/baobabtech (npm)
The @marketfront/baobabtech package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/devtoolsloader (npm)
The @marketfront/devtoolsloader package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/navbar (npm)
The @marketfront/navbar package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/commonecommerce (npm)
The @marketfront/commonecommerce package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/mychatspreloader (npm)
The @marketfront/mychatspreloader package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and us...
Malicious code in @marketfront/digitalherobannercarousel (npm)
The @marketfront/digitalherobannercarousel package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0...
Malicious code in @marketfront/gotoauthpopup (npm)
The @marketfront/gotoauthpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/header (npm)
The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/fingerprint (npm)
The @marketfront/fingerprint package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/dynamicpageparams (npm)
The @marketfront/dynamicpageparams package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and u...
Malicious code in @marketfront/advertisingdevtool (npm)
The @marketfront/advertisingdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...
Malicious code in @marketfront/changefilter (npm)
The @marketfront/changefilter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/livestreampreviewpopup (npm)
The @marketfront/livestreampreviewpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0...
Malicious code in @marketfront/madvpopup (npm)
The @marketfront/madvpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/infopopup (npm)
The @marketfront/infopopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/customdealsfeed (npm)
The @marketfront/customdealsfeed package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/designsystemdevtool (npm)
The @marketfront/designsystemdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...