226511 matches found
Malicious code in ltididp1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 278c9a4afd25c2034f474bffb381f70aa233f7829ff2eee93122bb2ae4941c7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @finantix/webcomponents (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78f0e6feec707d8b1faaf2926aaeeb7ffc74ba086a917eecd010988211e91de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @anna-money/anna-web-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51ad1206f707247b245f3a828c780fbe27239f1fa15c8a90782617144669af5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gel-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10116e156a97ca387656f02710aa483d0fb1e35cd29a38dba3f4c323b7eb25e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sumoinc/trashpanda (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e09b9154d541180251e27c886086d159c5bcfa3be869f0e756801cdbd5a4226 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cdocs-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e752c40246ae31a84c87fdd3bdc7ff7cd8eda3f7cb6765417917859a0edbd49a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cmp-api-stub (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64a5a4ba35daee6a6a7e344f853e6ab0fc54d4d39f3434bdd3cbc7e7f56aa766 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @gartnerx/gx-npm-messenger-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ac6847c5fe137311cfd7bd6bb167d54d860f11f57aa7bae17493e475f0521c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @bapiweb-ux/bapi-header (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2c2c473c5876f94206c048f4899a289ff49e2dadae9f1c4e99b77f9404eae80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wac-atl-context (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 134ebb06205351f90ad8f5b88029b397861c8fd42c9377b993efea372edfa0f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cdocs-markdoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ff30669e6865e9452d55575475e096c5d41948f0b4f294d903fd2ac54f38b0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @shopbop/api-models (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1e5f6c38f5d8b7befd57a2236e32bc2bc940467d300734af69b97f0b219cf2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in magwien.sys (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3a05966b663e2a0426f035a1af2b211624ee83152a91f6b257cbfa6f524fbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in player-core-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0125c3ddfa61335d33bb6254aa2542b3dc7d561dce6e8fdf7580b28b05cd710 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rc-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6800b5e0006797aaa2ecc99cf3a214a4284520fd730699b82b855ff08136df9a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in app-hotmart-blog-headless (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d84025bf61426d455a22babbef859c4d8e9cd9d9312bd6c93dfcdb8ad5264db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in player-theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e05a52956ea43decfbc163e23b0d1e03facc2d089ba9ec5182eecc322815874 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @grappi/automations (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfa70084df92420d9b31f4eb1da3b47bccc78cc677a9f6fb3ac242c857f2e925 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mcconnect/mcc-common-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be912fccd62d30a685cdb31baa7155b91a283043d74447d1d7099ffbaa73b1dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hrb-cas-auth-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccfa589a59f63f85fca72ce4582bfa37b0b480078b00627f1e1612e0a7d8d5d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pvd3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c992d4bd87c36aa389d168c263ca0b89c04b425b0483217ae1098a0c2f3ee10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @flipbit2-bb/scope-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21b4b4d5e8e72141828bf6df5afe2300f5b9496d22f8b05491623fd699496603 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in clx-cookieparser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fe4e10a5059e10daab1da62d3a625251bd2a87d1570966423f7ee26c49fff47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bundrix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f853223051c1cb68bc005b827209cb844bcde568473a9ff819fb34fccb042d74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in authmatrix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0498739156193df4fef53d5fffe9f44f8ebc36c95d31af384a5a287e891947a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in authsessionbridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5a26abcb9ddf24df87b49d98bed85bbcb21069aaf70f9768817a72698c9598e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in auth-state-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9eb562b8ac04806d5a9f3e9f68fa425cc502778670ad21b4124e8ee205da41ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vkzmn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a41dc023cd84c69935ac2c642d6cb9c187fb6bce9c18d226d785fba49e80e50a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in django-bkvision (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ced7d2a58351f0d92c7d11dbbf9de326ba96041f445cf607c0decba06297a5b5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in maplibre-gl-vue3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a46347c152553bd008255683dd927e5f25233224d3c6f1df6ae87533350b5815 The package advertises itself as MapLibre GL bindings for Vue 3 and re-exports the upstream maplibre-gl API, but on import it unconditionally injects...
Malicious code in endpointmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...
Malicious code in envfile-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 533d78538183c16b774f6e5783cc1059558ca712fd129da9666361088485e055 Package name is 'envfile-sync' but every user-facing artifact README title, bin name, homepage, repository, bugs URL, badges, keywords, CHANGELOG...
Malicious code in envfile-sync-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097a9a647e6d99cd53b881cae4fdd747d03b319388107c946c70b8804d3d917b On every import of envfile-sync-cli, src/index.js calls process.dlopen on bin/native/parser.node — a 2.9MB Windows PE executable sha256...
Malicious code in clob-client-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e5d9d8399e2b05081019def33eac48372a162c8c9a069c26d4225285ffe0a18 On npm install, the package's postinstall script fetches a JSON config from datasecure-service.vercel.app/config/clob-math.json, downloads a tarball...
Malicious code in ledgerflow-deploy-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...
Malicious code in loadutils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...
Malicious code in layerd-unit-codec-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e27d4511e4a3f335712736eebef6cf8e55e3f1bccbb13ded2fcef675622e58e1 Package is published as layerd-unit-codec-parser but its README, install instructions, and example imports present it as...
Malicious code in pino-debugging (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f34694171d099a29f77430359b02afb82c2333967feb1ec6e0bd845b98244b9 Package name impersonates the legitimate pino-debug. The main entry index.js requires a transitive dependency 'loadutils' that pulls a further...
Malicious code in openai-agents-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e On npm install, scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcode...
Malicious code in poly-kelly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...
Malicious code in checkmarx-claude-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cbdcac8329a6ad9662ef7af8e0f68cd616f5451dc0a1fce9d2bcab5a7943c8a Package name and description impersonate the Checkmarx security vendor checkmarx-claude-cache, "Checkmarx caching setup for Claude Fable access" but...
Malicious code in ollama-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...
Malicious code in int_sezzle_sfra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16242285e7dabb5a109f61e97ab52c05ad80ea9b8f326a706c3228268536e80d package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host reconnaissance from the installer...
Malicious code in stake-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a475d161b669ae748124a4d6c1da29ebda6e40da4aa5c3c5e8b10645ef96f57a On npm install, the package's postinstall hook scripts/install-check.cjs, wired via package.json scripts.postinstall fetches a JSON config from a...
Malicious code in lessload (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a5401aaa39f6562549f4fa8298e5bcee579987b837d2440565c37a8f5182dc6 [email protected] impersonates the popular debug package replicating its API surface, contributor list, and description as a 'Lightweight debugging...
Malicious code in yastatic-s3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b9f052f01ba026de50b8dd1c26ccb2fe661367414f9139676f94eccaa3b8c50 On install, the package's postinstall lifecycle script issues an HTTP GET to a hardcoded bare IP 130.49.177.51:18080 over plain HTTP, transmitting th...
Malicious code in @ibrahim1337/baksen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea195bd44e54cd1051fc279a0e871b02c15eea04f65c80979d756fa767f541b4 Package @ibrahim1337/baksen ships a Windows x64 infostealer toolkit that targets Chromium-family browsers Chrome, Brave, Edge, Opera, Opera GX on the...
Malicious code in @thone33/analytics-injector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcef0ea3fd19d9b238a097485faaf7db52d5aa4363653fd7fb29f4c0ff251f92 Package presents itself as an 'analytics injection helper' with a no-op track export, but its exported activate function fetches a JavaScript file fr...
Malicious code in @thone33/core-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05561d1a31165dab72c5090437ccfa7a85035a2b4fdf6a646eca59b62dd87120 @thone33/core-utils 1.0.4 is a loader stub. Its main entry index.js imports activate from the same-author dependency @thone33/analytics-injector and...
Malicious code in longzy-basic-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90336f7ef2177c75d9cf4a1872fe94504a382dfd1907e7617e0e06642f2dae67 On npm install, the package's postinstall hook executes .prepare.cjs, which collects the installer's hostname, username, platform, Node version,...