Lucene search
K

226511 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:26 a.m.9 views

Malicious code in pkg-fallback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ea590e70f499f40938e093cd6a09a13b95030872968b5d325fee8a595f31c Package advertises itself as a small string-manipulation library trim, case, pad, wrap but its install-time behavior is a dropper. package.json...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:25 a.m.9 views

Malicious code in express-mocha-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d87351be0d9f68d73ec05867e55fe5712d4885fa76c70c5ec9b003ef512825 [email protected] declares a postinstall lifecycle hook that loads the package's main module, which calls fetch against an anonymous...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:21 a.m.6 views

Malicious code in @epic-common/observability-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d7457ccefffe2de1f0464f21ac2eadfb981be593d2b34ceb0d5cde1174da0b Package targets the private @epic-common scope Epic Games and is published to the public npm registry as a dependency-confusion vehicle. On import of...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:17 a.m.6 views

Malicious code in yandex-geobase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f6219d513896736aee31ce33719d6ae2d1f5b03293ecdfe884d944bbb3eb99a [email protected] squats the internal-sounding name 'yandex-geobase' and ships a postinstall script that performs an HTTP GET to a hardcoded bare-...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:17 a.m.6 views

Malicious code in react-wp-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 443f37b7957fe3f1d4dd836b3a0e6eeddb513e334700e0c0a4616570071c13d8 react-wp-viewer 0.2.4 is a dependency-confusion package. Its postinstall hook performs an HTTP GET to a hardcoded bare-IP endpoint at...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:9 a.m.7 views

Malicious code in date-uuid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58dffbe61370f78deed5bacbc8f6bc46a8a989f03da218643a41b52ed025fa6a Package advertised as a UUIDv7 helper, but on require/import it auto-invokes extractDateISO in bootstrap.js, which reads README.md from process.cwd,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:0 a.m.8 views

Malicious code in eslint-commit-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fc51e200a141d1dbbb4f7eb9e5e3dec18507572e5dc9562278713c554fad195 The package is published under the name eslint-commit-parser but its contents are a verbatim copy of the supertest HTTP-testing library — package.jso...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 3:20 a.m.5 views

Malicious code in @uisp/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e841054b9f1d1625077178da23e8096c345ff196851058742d4903747d1461ea Package published to the public npm registry under the @uisp scope at version 99.0.1 — the canonical dependency-confusion shape organization-matching...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 3:20 a.m.8 views

Malicious code in rebrandly-domains-digger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 3:20 a.m.7 views

Malicious code in rebrandly-domains-search-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 12:0 a.m.3 views

Malicious code in ulid-xyz (npm)

ulid-xyz is a typosquat of the popular ulid library sortable unique IDs and is a cross-platform Remote Access Trojan delivered via a postinstall hook. The package.json postinstall superficially looks like an inline node -e guard that checks for the existence of a dist file, but it actually launch...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 12:0 a.m.5 views

Malicious code in @digitalcnzz/embedded-sdk (npm)

This npm package is purpose-built malware that exfiltrates host information and environment secrets. It runs as a postinstall hook the keyword "postinstall" is obfuscated in the code and bails immediately if npmpackagename is unset, confirming it only fires during npm install. After a randomized...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 12:0 a.m.5 views

Malicious code in @digitalcnzz/commonmodule (npm)

This npm package is purpose-built malware that exfiltrates host information and environment secrets. It runs as a postinstall hook the keyword "postinstall" is obfuscated in the code and bails immediately if npmpackagename is unset, confirming it only fires during npm install. After a randomized...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 12:0 a.m.4 views

Malicious code in @longzy/react-native-polyfill (npm)

This npm package is purpose-built malware that exfiltrates host information and environment secrets. It runs as a postinstall hook the keyword "postinstall" is obfuscated in the code and bails immediately if npmpackagename is unset, confirming it only fires during npm install. After a randomized...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 12:0 a.m.5 views

Malicious code in @sailing-package/core (npm)

This npm package is purpose-built malware that exfiltrates host information and environment secrets. It runs as a postinstall hook the keyword "postinstall" is obfuscated in the code and bails immediately if npmpackagename is unset, confirming it only fires during npm install. After a randomized...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 9:50 p.m.10 views

Malicious code in skillspector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c77584b4e40db9023ca0b8a90fa1bd611c859ed486f99ca3a7c9a83dbfa9877 This package presents itself as a redistribution of NVIDIA/skillspector pyproject Homepage points to github.com/NVIDIA/skillspector and the source...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 4:55 p.m.10 views

Malicious code in tdata-grabber (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 1:5 p.m.5 views

Malicious code in lc-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81ca324fdc9c4ba5536abcd43972f1a506f4af99ace29447b66a17947b1b8606 package.json declares both preinstall and postinstall scripts that run node callback.js, so the callback fires automatically on npm install with no...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 11:3 a.m.8 views

Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:2 a.m.8 views

Malicious code in polymarket-clob-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:1 a.m.11 views

Malicious code in livekit-agents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5abf921f58c69745fee91e812853b493a282f3d42f55db38516ba54b827ea35b The unscoped npm package livekit-agents advertises itself in README as the official LiveKit Agents SDK and links to livekit.io documentation, but the...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:1 a.m.9 views

Malicious code in pkg-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f4ccaa9f059318782cd3b811f5bd6ea926e267e4b05dc4971d6acc6687d5d4f setup.py performs an unconditional urllib.request.urlopen at install time to a hardcoded plaintext bare-IP endpoint...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:1 a.m.6 views

Malicious code in @k18n/creatormarketplace-admin-language (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6213acbcf6c562c8a7690e6018490d502d8df9377a2ed85c5bca9d828ed261c8 Package claims the @k18n npm scope used internally by Kuaishou and publishes at version 99.0.0 — the canonical high-version dependency-confusion shap...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:0 a.m.8 views

Malicious code in insomnia-test-util-m4gester (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af3f61639cfac47d91b75ec177ce18a07c29535b0f39806a286093e739494c8 Package ships no functional code and exists solely to execute a shell command on npm install. The postinstall lifecycle hook runs echo PWNEDBYDEEPLIN...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:0 a.m.6 views

Malicious code in insomnia-plugin-poc-m4gester (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0eb7024d158c345559d9f130ba3a6b52563328467ec6bb560e196e5c7bc9b955 package.json declares a postinstall lifecycle hook that runs a shell command writing a marker file to /tmp on npm install "postinstall": "echo...

6.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:0 a.m.5 views

Malicious code in insomnia-plugin-poc-m4gester2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b2b63f22e7d0d8f23c608a3c109163e06e2bd6a1dd716305e0d8adaf6be6b86 Package ships only a package.json with no plugin code, declaring a postinstall lifecycle script that runs echo PWNEDBYDEEPLINK /tmp/pwned.txt on ever...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 5:59 a.m.8 views

Malicious code in anthropic-internal-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab3bb04aee6f5f1d8768b7fd2173cd7c0cac18b5d83d6a83cf2be96a7512d8f7 Package name impersonates the Anthropic namespace and ships a preinstall hook scripts.preinstall = 'node index.js' that executes on every npm install...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 8:52 p.m.13 views

Malicious code in discord-token-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...

5.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 7:12 p.m.9 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 2:21 p.m.12 views

Malicious code in ryan-pdf-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3d966501b5f533318c26b54887cd29b3cd6c9495035a0f74519ba349357e3eb [email protected] is an empty stub package index.js exports whose sole purpose is to deliver an off-registry payload at install time. Its package.js...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 9:55 a.m.13 views

Malicious code in react-editable-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35fd7baa18320cbcaf6fbb6fbabb6139dd48264cd1f09d0461a8877c1f873f On npm install, the package's preinstall hook runs node dist/index.d.js. That file base64-decodes a payload which fetches JavaScript from...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 3:48 a.m.13 views

Malicious code in crossmint-wallets-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 2:32 a.m.9 views

Malicious code in chai-as-persisted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:41 p.m.8 views

Malicious code in @osmura/treeify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4643c1f27e4916ea6090f1e6196c980fa1d65b96899a80b1f57633eaf16a61a9 The package republishes the upstream treeify library Luke Plaster, repo notatestuser/treeify verbatim under the unrelated @osmura scope, preserving t...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:40 p.m.7 views

Malicious code in express-initial (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d292a4664135ed1869f907d62fb6472839ab54a59aedb2f3a88022a0c70095 package.json declares "postinstall": "node index.js", so npm install express-initial automatically runs the package's main script. index.js is heavil...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:19 p.m.8 views

Malicious code in db-query-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4928f7d380b79104d997e7666603726873158508c38d2c75a90c7529dd196be3 The package presents itself as a database query helper but index.js defines a method queryDBConnect that base64-decodes a hardcoded URL pointing to...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:11 p.m.5 views

Malicious code in db-rake (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5a0d966d760dca0783a79eb150639ccfaf01aac944481e793dbcb7d7669983c When a consumer imports db-rake and constructs any Model, the package's resetor method silently runs npm install db-dx-connector unpinned, no-save:...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:8 p.m.5 views

Malicious code in db-plog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 961a6a108104105727b81399e6a3a6d56636cb79ae8fbfbbc33528f90d890d99 On every Model instantiation — the package's documented primary API — dist/index.js executes execSync'npm install db-connector-log --no-warnings...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:35 p.m.7 views

Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:21 p.m.4 views

Malicious code in @krentzen/buffer-reverse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b7fccd6dbb7ba8a92be0bcbb002f92c43ff0c5e4bb82666589834a7be69e6bf @krentzen/buffer-reverse impersonates the well-known buffer-reverse package it copies the legitimate author, repo URL, README, and the genuine 10-lin...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:13 p.m.6 views

Malicious code in gptmini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb05abb3d36b111df4aa8fe044cbf05a431a0778e90d022e1621494c1506a171 On npm install, the package's preinstall lifecycle script preinstall.js, declared via scripts.preinstall "node preinstall.js" shells out with exec'cm...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 7:1 p.m.5 views

Malicious code in disksweep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a2c10aba7f3468458529214868e2d8acd9717eb7985c47ab10cf4aed64f87c The package ships a 2.9 MB Windows PE32+ executable at bin/native/parser.node sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 6:24 p.m.5 views

Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 6:16 p.m.4 views

Malicious code in react-dynamic-table-compenent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55ead8b66faca1e08b2babafa252da2371b535c010a5c14d8b0d0e2a44aadf8 Package name misspells 'component' as 'compenent', a one-letter typosquat of react-dynamic-table-component. The package's postinstall script runs nod...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:44 p.m.10 views

Malicious code in chai-as-assured (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd28efd7a3d07f87ec22556cc25a8c07117fa4cdd237c6cb1db750c976a11836 chai-as-assured impersonates the popular chai-as-promised package matching README, author, and API surface. When the exported plugin function is...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 4:56 p.m.5 views

Malicious code in xrblocks-remote-control (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e20199ccf4c5557bf9d6bd0f17f0f74b47aa54389f22247523fb9145ef29def Package xrblocks-remote-control ships a bin script that, when invoked including via npx or unintended resolution against the xrblocks name, POSTs the...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 3:45 p.m.6 views

Malicious code in react-dynammic-table-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 3:42 p.m.8 views

Malicious code in @immobiliarelabs/backstage-plugin-gitlab-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096fc86987f4a25a5fb6572968e0c7309d71ed3e6ab16c239427de98c7d30ae7 The package ships a binding.gyp at the package root whose contents use GYP command-expansion syntax !... inside its targets/sources fields. npm...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 3:42 p.m.5 views

Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe41ed7d4257171c43c1047d7fde036575b57305b26d18cec61d1f1a20d33b1 The package ships a binding.gyp at the package root containing GYP command-expansion syntax !... in its sources/targets configuration binding.gyp lin...

5.9AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 3:42 p.m.5 views

Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e447b204a3dbe39ad2390ad721dfc14f32b64e2c27d8b4efaf99a27e9cde7b92 The package ships a binding.gyp at the tarball root that contains GYP command-expansion syntax !... / !@... in its sources/targets configuration...

6.5AI score
Exploits0References5
Total number of security vulnerabilities226511