Malicious code in n8n-nodes-json-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48c4e3ce64e72a6b818d69264d998a333db6081ac74c9335a9f33ece5434dbbc The package n8n-nodes-json-helper was found to contain malicious code. Source: ghsa-malware...

Malicious code in n8n-nodes-text-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8561abc8b8800ed722b922924d4f46013117dedc5153d4faa18ecfa7f839106 The package n8n-nodes-text-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in n8n-nodes-xml-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72bcfbf156c4f649a0f1bee9fe86ea767c5ff6edb02fca89a95569143d7ebf96 The package n8n-nodes-xml-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in n8n-nodes-csv-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 011372ed1f40a4259802291679f8db573c8435e904c38e02482b4589d16c60c7 The package n8n-nodes-csv-parse was found to contain malicious code. Source: ghsa-malware...

Malicious code in supplychain-security-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2655712e00f8c5bf90b5a945bc60c2fd3c109d2719ec7b161114f86343741ee1 The package supplychain-security-demo was found to contain malicious code. Source: ghsa-malware...

Malicious code in hariprasath (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76de996c85f413b2169be46799cbd7dcd1d32a23eb303d0b17ecccae1b10011 The package hariprasath was found to contain malicious code. Source: ghsa-malware df15d2b2f2032416b2715e63515ca04b9bfeb6129516f9fa92d3a633942d07cc An...

Malicious code in @jaime9008/math-service (npm)

Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...

Malicious code in changelog-logger-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7df10f389f394a16d448bc3f80b0b77a100506b76590ef476e6b688e59d62d9f The package changelog-logger-utilities was found to contain malicious code. Source: ghsa-malware...

Malicious code in polymarket-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6c5cc93272b23bb8876a4c2f2ce61ec7887bdeb6b89846a0c385022a156c6ca The package polymarket-validator was found to contain malicious code. Source: ghsa-malware...

Malicious code in pretty-changelog-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b9f609acf299244364375bad1f58bc65eb5c8b17ca7e9bc92de94aff7e975c The package pretty-changelog-logger was found to contain malicious code. Source: ghsa-malware...

Malicious code in changelog-logger-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e07f02cb66d1d05ebc1ce27c24e2a54922ecfdc8a1fba1117fc8b305026621ad The package changelog-logger-wrapper was found to contain malicious code. Source: ghsa-malware...

Malicious code in npm-demo-1112 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 997173ec7aa479e3f57733838a8d8923cd42b2a9b272936ae7798a8f3c7f3699 The package npm-demo-1112 was found to contain malicious code. Source: ghsa-malware dd67ca28466b78c5da65f0a98c71b3e3243c90641b4de5d7ccc3215dbb1a33e4...

Malicious code in npm-demoo-1111 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c2199a37f518fbd8345def58b16a83c07aaf6aae9b837f6ec6d96a179f97849 The package npm-demoo-1111 was found to contain malicious code. Source: ghsa-malware 12073b21cd21241e9d8a004221c9e22d323091d95e7b5b9bdde2f1b20883aea4...

Malicious code in trello-enterprises (npm)

The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...

Malicious code in react-refresh-update (npm)

Package contains highly obfuscated code with dynamic execution using eval, a strong indicator of malicious intent. YARA rule matches confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68cf0c0bd6ed2a8c07bc175b5c0cc7f86a49133e67dd5d8f68f37309c5f1a463 The...

Malicious code in internal-lib-vulnerable (npm)

Malicious package due to data exfiltration, arbitrary code execution during installation via preinstall script, and suspicious hostname. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b46f6c2b8b094dc4a9864676457c3ea2af565204d854ab4cf1eb27be87aaa878 The package...

Malicious code in vitest-config (npm)

Malicious package due to preinstall script execution, system info gathering, Discord webhook usage for data exfiltration, and error suppression. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d6cfc9315582e56556f40906f86a19927ad32b3826548896d1eaf23e0705243 The...

Malicious code in @wealth-common/font (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a56e089d98a2a90a0e20698b8e57be8f14e4999477967cdf1254cff0e51804c The package @wealth-common/font was found to contain malicious code. Source: ghsa-malware...

Malicious code in @myisrfn/baileys-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc229f53299b669d5c48d802a9d0a7766546ae0908e4b83ed04c51d34c97e482 The package @myisrfn/baileys-mod was found to contain malicious code. Source: ghsa-malware...

Malicious code in @sheniraid/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f232c1235fdee715d838e2f39abd6c3510308c313c075458df080ce28a4c26fa The package @sheniraid/libsignal-node was found to contain malicious code. Source: ghsa-malware...

Malicious code in @sheniraid/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec58e185ed8a16337c255a734dd403cfc5efd957a33d7a0f978e91721a69c8f5 The package @sheniraid/baileys was found to contain malicious code. Source: ghsa-malware...

Malicious code in es-lint-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cb77bc53967094108e0dec0e00ddd13bef1d74b3482d959c28c4fc13753cd49 The package es-lint-builder was found to contain malicious code. Source: ghsa-malware e4f62649e3a09df9cabfd19d23538447b0d8762de9506c23c5b27c4a6882967...

Malicious code in big-numben (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61c77ff6fcfee6f58a1a8a5a268bb6db596b9059b965e3bcfd58a88a197179e7 The package big-numben was found to contain malicious code. Source: ghsa-malware ae2b54e5805771f2bde8a32bc288306dc173a176a009f4309baf89672a9827fb Any...

Malicious code in graphql-request-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51 The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...

Malicious code in bignumber-tool.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81863c7d661d7e537eb4cafb3e74ae83b61483b4617c03f6a4283d34ce651102 The package bignumber-tool.js was found to contain malicious code. Source: ghsa-malware...

Malicious code in testpoc01 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6659b3a51b9c0a2a51085f5c9671114871ac5dfccc6917f74afdd6172aa0e9dc The package testpoc01 was found to contain malicious code. Source: ghsa-malware 317141d91ff4f1ed0410aab99492b3788e3951ef5a06d3fd1b83cec8d2745375 Any...

Malicious code in @omhc/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec8ea3d7c4e55ca61042360855fdfb951544cf58586c2f782e60ac9cef49c03a The package @omhc/libsignal-node was found to contain malicious code. Source: ghsa-malware...

Malicious code in omhcsilence-bails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f5390575abcab0cfc57edaae4aa14d27eab897c1639fab8a502fcda0760adc3 The package omhcsilence-bails was found to contain malicious code. Source: ghsa-malware...

Malicious code in @vtim/xss-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c The package @vtim/xss-poc was found to contain malicious code. Source: ghsa-malware 20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84...

Malicious code in vtimmmmmm-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f98c647bcb6a277d8ef94407b1287e79a9840e0956aa955ff01ea19778219c7 The package vtimmmmmm-test was found to contain malicious code. Source: ghsa-malware 7f04d92a8262ba75c225fb58633a5dfbe7c1d4a750b88f634dde448a81e13b63...

Malicious code in nest-moralis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568b91354492a39b40ca156221b4a94c94808517fbf09ae48954ba5da0febfd The package nest-moralis was found to contain malicious code. Source: ghsa-malware f5ebd5810f65b46e709e5d8a09a1b3a421a0aac599af1ef51e8bb433afddba48 A...

Malicious code in up2-daemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc22b1546303513e047c5c729ec0f40a5880bf1dd5981592933c689f4cbf3e6 The package up2-daemon was found to contain malicious code. Source: ghsa-malware 4b6e1244d13ef29a84a4b55701182d9aacbd9feb8c6979534eb0493c28ab6e9a Any...

Malicious code in typescript-react-query (npm)

The package 'typescript-react-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-spread (npm)

The package 'transform-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-remove-debugger (npm)

The package 'transform-remove-debugger' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in @storylane/shared-packages (npm)

The package '@storylane/shared-packages' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-jsbi-to-bigint (npm)

The package 'transform-jsbi-to-bigint' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-simplify-comparison-operators (npm)

The package 'transform-simplify-comparison-operators' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...

Malicious code in transform-react-jsx (npm)

The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-property-literals (npm)

The package 'transform-property-literals' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-undefined-to-void (npm)

The package 'transform-undefined-to-void' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in undeclared-variables-check (npm)

The package 'undeclared-variables-check' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in filenames-simple (npm)

The package 'filenames-simple' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in es6-recommended (npm)

The package 'es6-recommended' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in no-type-assertion (npm)

The package 'no-type-assertion' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in monorepo-cop (npm)

The package 'monorepo-cop' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in jam3 (npm)

The package 'jam3' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com. During...

Malicious code in prefer-let (npm)

The package 'prefer-let' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in proposal-typescript (npm)

The package 'proposal-typescript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in react-you-might-not-need-an-effect (npm)

The package 'react-you-might-not-need-an-effect' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 serve...