Malicious code in @tanstack/solid-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1309e41e89af050fba691af97aead540f282665981835c46aeb4abc3180f0c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-client-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5561f0a3c6cc70a2aee56f25476fadbba6cc833f55c0dde246737b99f38c9e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-fn-stubs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e25d3624c39cfe3dae76a5630525e72d3f0fe2f8eb1bbb44a0ff17c3a39d4fe2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-plugin-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-server-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7db0631bb410a51551790c0b55b574d53aea5d7a677439e6f3cf877503317658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-storage-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...

Malicious code in @tanstack/valibot-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25062244509cace2232407aaa71ca13d0ca2cf2c113e8e1dd19280694a3475cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/virtual-file-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/vue-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f7c609f55255a1ab5f7fc348536514f317d138538af5ec61ef4efc5a18b9014 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/vue-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 925332e137c53fc83198f6ce65ec615c060124cbd8d1a5b23b9186c6494dbfba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd6f7a2fea608220d5d0783a4762813d4200689bc99a551bca4304e2b681022 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/vue-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23dd073c586a2dad28ee9957fd8a3059bcbb261fbbb6a17e3b99a7145158ef8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a01dce92fa9c8e2cf4d6107c13ae7ebadbf664d1b135b7075f050c32446b26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/vue-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a2e72fba4613219c26e8bfb79da1c3db3666a9e7dc945f1b064e95aa04a5ac5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/vue-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a01585c5903bfc477b8856810c151bd5dd0cdc04afe7c51b5710eae9b1fc366 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/zod-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b6bc07c0e2b0175dd6e6bd29157ea6967bb2bcb66f643f9dafd89ab77a9f6fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-devtools-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a4625c6f00a64d5f9c4d9fe41182c90a5d06c2a6cf72046d9a1e76d65295444 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 006982dd9591684fdcea74c0b70c7600a22bfc969bac6b9fb64f728e7ab34d80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 048a583947c3ecbeb540293e0de5d513e84f0ea2793ca31ee5d2a76d4f750ddd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-start-rsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-start-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8358ce998650baf1a9cb6bb602109da81268c43855ad0b16f892687cc89f104d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b329cb477cc0d977f9e8e6df59072ea002d6d041b99531596fbd87b8ff80aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c8db33bfb3bf19b736238a7e0895ecfd856e38c6e86d83f6eee8df6f5c13730 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/react-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2583e447a99e68ab9e3a7562a7a9693e1c09de387a824f47a07f325e3b5b4d39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/nitro-v2-vite-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f689866f0ed8e6cf47200b7bf613dd377c407e21d5ed6b2a0caf5252e822d8ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/history (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d40d7bafa18dd8987c0ee75b8ffccfc7db076f4521961472d0830ef93a03994e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/eslint-plugin-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b955b97c1476120c292ac6f7089a3d876161555205940838c49e6b09abe08e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/eslint-plugin-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff80f01eaa71625ecdc195880a0c0f1ef71da7fa81d01422abf9634f74b5d6be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/arktype-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00740c1707de87fdde677d596049a754c3269e6b54875d76eb4934a1368b7112 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mistralai/mistralai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23235945a2d68899f5fe2e6eafaefa0a98f2120697d41a40d26615e41aceb916 The package @mistralai/mistralai was found to contain malicious code. Source: ghsa-malware...

Malicious code in apkeep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d545ff7c3c178485cfb49d0028c4c808e67d0ee0fddcb4b7b195c943bb07d888 The package pretends to be a fork of a legitimate Rust library and uses the identity of the original authors. During usage, the obfuscated code targets...

Malicious code in cplace-bmw-emt-mvp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b6d2d57176a41f11e925988396ad8549efc86508c1cc13a7130871f48c15b33 The package cplace-bmw-emt-mvp was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in openai-spellchecker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 13911c4c1e0334b4e4d972e3b3256a08f8991d3935d74086c252ed085d3984a0 The package hides code to download and execute a next-stage payload, which then communicates with C2 and listens for next code parts. In the analyzed version,...

Malicious code in crypto-javascri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f73f5a262aba7ba05c713d409646e419e998232fd536fd99c51750fa070699 The package crypto-javascri was found to contain malicious code. Source: google-open-source-security...

Malicious code in @mimecast-ui/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e59a7d55636b02d0a28954889c22f021de5b4f33c525ce7712706df60cd9af3 The package @mimecast-ui/components was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @mimecast-ui/charts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e603deff481f2fdd492adde6f7d1f060fa7aa7d15f63abc4cc43fa7782409705 The package @mimecast-ui/charts was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @cplace-workflow-fe/cf-workflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa219c5fdaf0ec8e6e0467fb1f23bfde9a07c18276187464062943e612848781 The package @cplace-workflow-fe/cf-workflow was found to contain malicious code. Source: ghsa-malware...

Malicious code in xxx-bale (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1109b5dc74c94551027044e54e20f9c1c18f89d53da6af87861ba4773eae1966 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...

Malicious code in mpkg123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 df9e0498d827adeb16ea11e4a1137133d2124f039942b776f7ac098a257cd164 If executed as a module, the obfuscated code collects and exfiltrates sensitive data, including passwords saved in a browser. --- Category: MALICIOUS - The...

Malicious code in xxoo-bale (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74ce2be8301ccea70138e307282fbf70ede26eede2a531296145f7d0da695b80 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...

Malicious code in byvendors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3ae01e4f5473c61cf7c26fdf51f64fa34c7f16451ce6c093a52fd85b79eff5 The package byvendors was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in dlocal-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9cfdf8d83ac7dc528caac3292d1b02ba162629b349789149fbbfcb7094f778b0 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

Malicious code in ac-sasskit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d0a627b8de0f6fc1b418dbc3f6242c1b3c4a0e39e5de9d6b70edce441d72db The package ac-sasskit was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...