⚠️ New threat detected: docs-component-size-limit-dialog@1.1.0 ⚠️. The code executes system commands and sends their output to a suspicious remote server, indicating potential malicious behavior. The code is not obfuscated, but it poses a high securit.

⚠️ New threat detected: @​zalando-internal/z-shop-ui@991.0.1 ⚠️. This file harvests system details (os.hostname(), os.userInfo().username, Windows domain and admin status via child_process.execSync, platform and __dirname), globally disables TLS certi.

⚠️ New threat detected: nyc-config@6.1.0 ⚠️. This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.

⚠️ Malware removed from npm: backdoor-client@0.1.28 ⚠️. The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the '.

⚠️ New threat detected: ikyy@4.0.8 ⚠️. The code exfiltrates user-provided JavaScript code to a suspicious external server at sl[.]rzkyfdlh[.]tech without user consent or transparency. The function accepts JavaScript code as input, URL-encodes it, and .

⚠️ New threat detected: revo_ahahaptcha@1.0.4 ⚠️. The code is intended for bypassing Roblox's captcha system, potentially for automating account creation or other automated actions, which may violate terms of service. The code also disables TLS/SSL ce.

⚠️ New threat detected: fca-anjelo-remake@40.0.0 ⚠️. The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of pa.

⚠️ New threat detected: namira-account-reactjs@1.7.2 ⚠️. The code contains potential security risks due to insufficient input validation and handling of sensitive user data. It is crucial to review and improve the input validation and data handling me.

⚠️ New threat detected: nyc-config@5.7.0 ⚠️. This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.

⚠️ New threat detected: @​indigo-multi/fonts@3.1.2 ⚠️. The file gathers sensitive environment details by calling os.userInfo().username, os.hostname(), and process.cwd(), concatenates them with pipe separators, converts the result to a hex string (tru.

⚠️ New threat detected: phone-mockup-react-js@1.0.2 ⚠️. This source code is malicious malware that performs data theft by harvesting sensitive browser and wallet files from the victim's machine and exfiltrating them to attacker-controlled servers. The.

⚠️ New threat detected: @​airslate/front-locales@9.9.10 ⚠️. The code appears to be designed for collecting system information and secretly sending it to an external server via DNS requests, which is a common tactic in data exfiltration and malware com.

⚠️ New threat detected: coin-hive@1.9.0 ⚠️. The code embeds a cryptocurrency mining script (CoinHive) into all served pages, constituting cryptojacking malware. It serves a local miner.js script with an incorrect content-type header. The behavior is m.

⚠️ New threat detected: @​pwa-ib/eslint-plugin-compat@1.99.99 ⚠️. Package was removed from the registry. This script collects sensitive environment details—current working directory, package name and version, system hostname and current user—and encod.

⚠️ New threat detected: json-log-stream@1.0.12 ⚠️. This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including al.

⚠️ New threat detected: vite-tsconfig-log@1.0.6 ⚠️. This package was removed from the registry. This obfuscated JavaScript module uses Node’s os and axios libraries plus dynamic imports to:. 1. Retrieve the machine’s hostname and user info. 2. Fetc.

⚠️ New threat detected: autodraintokentarget@1.0.2 ⚠️. Automated Solana token draining malware that continuously monitors a victim's wallet and transfers all SPL tokens to an attacker-controlled wallet. The malware operates by connecting to a Solana R.

⚠️ New threat detected: outdoc@1.0.1 ⚠️. When the environment variable IS_OUTDOC is set to ‘true’, this code installs a low-level async_hooks monitor on TickObject events to intercept HTTP traffic. It inspects internal Node.js HTTP stream buffers and .

⚠️ Malware removed from npm: vite-tsconfig-log@1.0.10 ⚠️. This file contains malicious code that operates as spyware and a remote access backdoor. The heavily obfuscated code collects sensitive system information including hostname, username, public I.

⚠️ New threat detected: @​epic-typeface/brutal@2.944.0 ⚠️. The code is malicious and designed to stealthily exfiltrate environment variables via DNS queries to a remote server. This constitutes a serious security risk and data theft. The obfuscation t.