225867 matches found
Malicious code in open-agents-ai (npm)
Source: amazon-inspector ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7 package.json declares both preinstall and postinstall lifecycle hooks that invoke curl, and ships dist/postinstall-daemon.cjs — a Node script that...
Malicious code in superacli (npm)
Source: amazon-inspector 6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 defaulted via process.env.GOPASSUIURL...
Malicious code in @citely/mcp-server (npm)
Source: amazon-inspector 55faa6dd8d70be846b57b28ce2665a4a6bc1eafa6898f5f4f2cc8b25d96e1358 On startup of the documented entrypoint npx @citely/mcp-server, setupServer unconditionally invokes void runHarvest in dist/index.js. The harvester...
Malicious code in prettier-sdk (npm)
Source: amazon-inspector 80a3bdd18c28c0c045aaed2a3e5725b3b38cb45bc9c16d0b795c4334caed17a5 Package name prettier-sdk impersonates the top-tier prettier package (50M weekly downloads), copying its README verbatim and forging metadata repositor...
Malicious code in cheaty-sync-bot (npm)
Source: amazon-inspector 45b192c71c59ccca1d9cc720372bd29f39eae8b5da4d572cd1e8312d6b57d6b4 cheaty-sync-bot ships a clipboard-sync CLI that hardcodes a single Telegram bot token (index.js:10) owned by the package author. There is no...
Malicious code in bytecore (npm)
Source: amazon-inspector 1c1ddd2dea35052822d2dc89f0f46ceae20c772c257e0c97f0024483e9ff31c0 The package masquerades as a pino-like logging middleware (README is copied from pino, exports a pino property, mimics pino's option shape) but the...
Malicious code in durabletask (PyPI)
1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window (16:19–16:54 UTC). Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...
Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923 The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 (npm) as malicious. It is considered malicious becaus...
Malicious code in @piewasm/pie-web-npm-package (npm)
Source: ossf-package-analysis c0784e4ad568cf85bee3ae36dde67ba090887b3f18f501a518cb24911fb7be29 The OpenSSF Package Analysis project identified '@piewasm/pie-web-npm-package' @ 99.9.1 (npm) as malicious. It is considered malicious because: -...
Malicious code in is-really-odd (npm)
Source: ghsa-malware 7f205432fff885dce7a6dee0e8d1267c65944d3e486abd566683caeaad833692 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in psxjson (npm)
Source: ghsa-malware 6e35a394cc807b2caa1d45bd9b925cc8be925b3c77c6166e5aaccce5c157c025 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paysafe-gbp-virtual-assistant-lib-fe (npm)
Source: amazon-inspector 940faf3ecfa6ee3c09c995a5f124d4a3b53bf2e2e5eaccea8156ce7bd25494eb The package paysafe-gbp-virtual-assistant-lib-fe was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in chai-as-attracted (npm)
Source: amazon-inspector dc726eb0d6a986c4aa12ce23076c18cffa97d0f840303cac65d06415b42e1f70 The package chai-as-attracted was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-vec (npm)
Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...
Malicious code in paysafe-gbp-virtual-terminal-lib-fe (npm)
Source: amazon-inspector 8437cc0ad1a14bf5694e8b5fbc17a0616033c1c473c6e71f46684172bc122ab3 The package paysafe-gbp-virtual-terminal-lib-fe was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in tarpackage (PyPI)
Source: kam193 32df873f7d91846104a4637b94b2816fea2023260d81c2ecbc5f3c6d5b6a934a The package exfiltrates env variables during installation --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in identitysecuretokenserv (npm)
Source: amazon-inspector 2704e731d0b82aa5927cf3713f741111b03fe8efb2d886cb0ef472a24705c5e3 The package identitysecuretokenserv was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in vfat-ai (PyPI)
Source: kam193 98a606c66789ae1326b7e1802465d1650ef2c691821578936448f403ec421bb0 The package exfiltrates sensitive files and env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in vfat (PyPI)
Source: kam193 625cd870f2a5de965448b7d69832d398b1bf789babe34a594e8724c5bc42ef48 The package exfiltrates sensitive files and env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in @apps-home-dashboard/events (npm)
Source: amazon-inspector cc0d8563d3400388ed59cbe3c7f24298ca289895f3633ff4cf1f179d82cda799 The package @apps-home-dashboard/events was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @openclaw-cn/cli (npm)
Source: amazon-inspector 808f63e2460f19f5e3d3bd28745eaeb5f17a47226ad02c681e11069cd632765d The package @openclaw-cn/cli was found to contain malicious code. Source: ghsa-malware d44ce935cfbfa6f605998045f46eaa7a822658868ff8d774097bf02185e78a...
Malicious code in @cap-js/openapi (npm)
Source: amazon-inspector 243c059793e8b277fc77959046b7b064cb740d568fa53e4d30b9075660d9dab5 The package @cap-js/openapi was found to contain malicious code. Source: google-open-source-security...
Malicious code in @openclaw-cn/feishu (npm)
Source: amazon-inspector f72acc504960341d0f2a0b6ba0a82ddc76c32b683b772d8a95a4d7193abe5760 The package @openclaw-cn/feishu was found to contain malicious code. Source: ghsa-malware...
Malicious code in @openclaw-cn/libsignal (npm)
Source: amazon-inspector 85fb1bd455a85140d13ec5cb826c0f8c6164c87a6eeacd72f7fc525440b76f24 The package @openclaw-cn/libsignal was found to contain malicious code. Source: ghsa-malware...
Malicious code in @starmind/collector-cli (npm)
Source: amazon-inspector 33a028c205d18a30d3ff150b1653336fefa0ac86a6e5242811b6fb2c3283af21 The package @starmind/collector-cli was found to contain malicious code. Source: ghsa-malware...
Malicious code in openclaw-cn (npm)
Source: amazon-inspector 98bf501cd2484b70d4811afe69007c54a9a94bcd9c137c0782a0c610a475b434 The package openclaw-cn was found to contain malicious code. Source: ghsa-malware 8f29660ec3d5b6462ff4857bf0696a14fbcf401d5f3a074376b0c9840b380612 An...
Malicious code in @openclaw-cn/toutiao-ops (npm)
Source: amazon-inspector 45eaa4686498502462c3ae8965153661403eedcea111d373214d99d76d433b92 The package @openclaw-cn/toutiao-ops was found to contain malicious code. Source: ghsa-malware...
Malicious code in vfat-tools (npm)
Source: ossf-package-analysis ee0462aa0f5350c9bd21ced3b826fd647a29c72be05f97f21df514c459cc775a The OpenSSF Package Analysis project identified 'vfat-tools' @ 2.0.0 (npm) as malicious. It is considered malicious because: - The package...
Malicious code in sickle-wrapper (npm)
Source: ossf-package-analysis cf0ce8be09572968ecc56d1879825b49624c7346a7391f203ea27e9ed0805674 The OpenSSF Package Analysis project identified 'sickle-wrapper' @ 0.2.0 (npm) as malicious. It is considered malicious because: - The package...
Malicious code in @antv/g-web-components (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/wx-f2 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-pattern (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/f6-core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/s2 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/lite-insight (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/l7-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g2-extension-3d (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/istanbul (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/x6-plugin-dnd (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/x6-plugin-history (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g6-element (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/vis-predict-engine (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/d3-interpolate (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/thumbnails (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/my-f2-pc (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/webgpu-graph (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/gi-assets-galaxybase (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g6 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/t8 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g2-ssr (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...