Lucene search
K

226511 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in electron-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7faf51a6c9d6ed9fce8cf9de9ea8afee0e9c3dc1fb254e8cd0c3c2a8ca61323f On require'electron-orbit', the module unconditionally fires an auto-prefetch pipeline in Node contexts when no document is present that opens a raw...

5.8AI score
Exploits0References31
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in starlette-healthcheck (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45d8da59826f5074d5b65d3b4733a4da6e7ce20167db9c14f7004e5fb7abe273 The package presents itself as an ASGI healthcheck/request-logging utility, but its advertised configurelogging helper exposed from the top-level...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in svgcraft-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d44028203c0771b7e6d77ac8addb4d100be6e75992c7ef0bd066035aba86d31 The CommonJS entry point exports an undocumented getPlugin factory that fetches a URL-shortener target https://shorturl.at/nkw3a and passes a JSON...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago9 views

Malicious code in test-pkg-yarn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b74339843ee482f3f135dd43e855f1f30758e20857333e0e6153748888769a package.json declares bin: "node": "./shim.js" , causing npm/yarn to symlink node in nodemodules/.bin and in a system bin dir on global install to a...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in test-pkg-pnpm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec On npm install, the package's postinstall script node demo-clean.js auto-executes two installer-side actions without consent. First, openDemo...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in test-pkg-x0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d0014944456f668a25fa484bf7cb5f36a7128d6a585b86d9294d8d49b23049a Package declares scripts.postinstall pointing at shim.js, a script that runs unconditionally on npm install. shim.js branches on uname -s...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in polymarket-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65aa9243f492d222e1bb036c8ed55fb17268bd987a63ad2ea2aa1b28e44defc3 Package is published as a Polymarket API client but its default export getPlugin performs unconditional remote code execution on use. On invocation i...

6.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in polymarket-trading-developer-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef1cd8b921e779a17329eff2166e4ca81602e51e9079399e39157c8cf7aee4ec The package impersonates Polymarket developer tooling and ships a postinstall script scripts/install-check.cjs that, on npm install, fetches a JSON...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in polymarket-risk-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54bfddce038bb64117d6850bb2977f8cee17704212e12e6214fb495b9d4cee79 On npm install, the package's postinstall script reads a config URL from package.json's homepage field...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in ts-clob-math-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f4cf4a66881bb3bf0a0695b3cf021902b46a8c82c99102c27a779139437de9 On npm install, the postinstall script scripts/install-check.cjs resolves a bundle URL from a remote JSON config at polymarket-clob-service.vercel.ap...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in ts-elinter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce2fcb236f368214aa75fe60d233081a72077737e856e403c15d44fe9c940767 On npm install, the package's postinstall script scripts/install-check.cjs fetches a JSON pointer from...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in twrap-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9903cc9163ada9951dee4ee1f364648cac0e492df9a32582ad3ed8303d29231 twraptool/init.py defines two public functions, formatblock and aligncolumns, whose real behavior is to fetch a Python file from...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in vega-lite-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c98ee24f91eaab2bc8360306a75519ae167dcbc3c7bd38cc395fbaa9590f4cd Package name impersonates the popular vega-lite library but ships no vega functionality — only a preinstall exfiltration stub. package.json declares...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in vitest-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0165cbb3d6ed37a96889c4b016463706346e1c09413635c31ea1ceedde8774 The package's postinstall script node lib/utils/index.js spawns a detached, stdio-suppressed Node child process that runs...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in hardhat-plugin-solidity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f83cc8113c50400572d998811dd026bbf516ce819cf93bc283770d55ac00b142 Package published as 'hardhat-plugin-solidity' impersonates prettier-plugin-solidity: package.json sets the unrelated 'hardhat-plugin-' name while...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in hardhat-compile-ethers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb9781577ff17698d2cb66a6cd832fe8bdda014b30c0c662055a45d42801ac1 The package's main entry dist/src/index.js contains a payload appended after the legitimate Hardhat exports. On require/import e.g. when Hardhat load...

6.4AI score
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in zyncmap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a65a1106fa2bab6eb0b5982b289665b4b96a6ad86769a867f6e62fb73663f77 [email protected] advertises itself as an SVG sanitization/minification utility, but index.js exports an undocumented function getPlugin that, when...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in svgson-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...

6.4AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in base65-85x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d94610a3e8258b4f3f141cda2ade7a2bdeafbf9f8c1a9251d72c8b0c6dd4cff0 Package name base65-85x impersonates the widely-used base-x encoding library, with package.json copying base-x's homepage, bugs.url, and repository.u...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in @andes-tools/colors (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eaa7ebbb428747d4b9b5ef497dd78f0bfe55f843a9ae526feaf96a788f4abdfb The OpenSSF Package Analysis project identified '@andes-tools/colors' @ 999.0.0 npm as malicious. It is considered malicious because: - The...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago3 views

Malicious code in npm-show-date-proof-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a2ca450bd74580e87a2f428fd6fcfe66ac30e7a2a88e214da7d3628915549db6 The OpenSSF Package Analysis project identified 'npm-show-date-proof-strings' @ 1.0.3 npm as malicious. It is considered malicious because: - Th...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in node-pino (npm)

node-pino is a one-edit typosquat of the popular pino logger that ships repackaged winston plus a malicious postinstall dropper. On npm install, the postinstall hook npm run license - node lib/winston/license spawns a DETACHED, unref'd child process that reads an AES-256-CBC-encrypted blob...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in ecto-corsair-flag-7kq3mz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a4dfa9f4805e5b44c7ccf3e4c3859abf8e9f0388f11e3daf6065f43c49e09ed Package wires preinstall, install, and postinstall lifecycle hooks to run postinstall.js, which executes unconditionally on npm install. The script...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in module-index-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3b789fbaaf21d9554aa580105d73d992d4a82963e1ade3c6dca6290f5cd7a3e package.json declares preinstall, install, and postinstall hooks that all invoke install.js, so the payload runs unconditionally on npm install...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in ripshakti (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa7ce8c4b0c7a25d70f9043d4208694cdef5ad174aa493ee9e9097ea6693a668 The package's preinstall lifecycle hook scripts.preinstall = "node index.js" auto-executes index.js on npm install. The script queries the AWS instan...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in @sudoughnym/enviro-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02c1c204d0f458d13d7140f4b7a007d551095665a418e9146037be9a5b2b7957 @sudoughnym/[email protected] ships preinstall.js and postinstall.js lifecycle scripts that run automatically on npm install. Both scripts collect...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in @businessapp-microsites/apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e03d8a4119cd5d1c143adb4fcdab1625747178082a6d56717e758b513aec4f7 Package squats the @businessapp-microsites npm scope and is published at version 9999.0.0 to outrank any internal version during dependency resolutio...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6AI score
Exploits0References19
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in procwire (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d0d931d4a5440dd83a5f390facfb46b9c0d0cef0c1574a664760d3bd9c8b41a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in brock-react-alerts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5241549789e8a03d9ca593f6803199ed0d3328b6b2fe708c80f1c5f99c05338 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in brock-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 699ebe0603c5d23f4f20b4c4b9a3f22ce480e2144d2ebe391d4a44618988fa63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in quoting (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15a7ad751ee7e0ff35c2b901b3f7954a4591644bb52d61136ef9a0b982b0c884 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago3 views

Malicious code in agent-starter-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a01e2e5f143532750a9c4c4d0e55b9afeed4eff74868142d6ec14f4bfb09d777 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in nbmolviz-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01b4d35e03aa83a7f0c2707c7d2936ee8a17c7418a2bdb7c3ae700285f453e13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in postcss-property-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cab8415dcdb631a8644d8f91e73de0853ad3b69e333454e97587dd3e8fbe7ee4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in setup-cicd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 301870db8c916063750dee85539f82c8b68655eb030059872888c8490607d2f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in confluent-kafka-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6eff5dfc962c2ae45ca37fa55f80a36203cf198cef04726258100accadc25378 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in ts-linting-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in rs-biginteger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4c6d1869f82f8162a8219a520ad9e885e55e925ee006a503f657083120c78ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in terminal-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c7e821d2559361693f75e32b42a5e7a0eef5d99c723d0e35b06f12fd91e9600 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in vue-demi-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bf683b6e8715fecd451a06da256d90048054cbe463da64e43c1a8db4226b661 vue-demi-fix is a name-confusion package against the widely used vue-demi library. package.json declares both preinstall and postinstall lifecycle...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in ripshakti1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 764edbf390c427ef99a9d9164034b966fbac251f00240bbb219825c0c92422a6 package.json declares a preinstall lifecycle hook node index.js that auto-executes on npm install. index.js queries the AWS EC2 instance metadata...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in anthropic-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ec82c6478e3a82eac71597b1c1fffc17d1b138e11e1a2aeadec7c00344c65e [email protected] is a typosquat against the @anthropic-ai/sdk ecosystem. The package ships no library code — its declared main dist/index.js i...

5.9AI score
Exploits0References21
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in log-taker1 (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. log-taker1 embeds a full infostealer 2800 lines directly in index.js, executed at install time via postinstall: node test.js. The payload harvests cryptocurrency wallet vaults MetaMask, Phantom, Solflare,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in ts-bn-proto (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. ts-bn-proto embeds an infostealer payload directly in index.js with a base64-encoded C2 address data-stream.space, executed at install time via a postinstall hook. The payload harvests cryptocurrency wallet...

5.8AI score
Exploits0References1
Total number of security vulnerabilities226511