VYPR
← All malware advisories

npm · Malicious package advisory

Malware

@apps-home-dashboard/events

MAL-2026-4160

Malicious code in @apps-home-dashboard/events (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (cc0d8563d3400388ed59cbe3c7f24298ca289895f3633ff4cf1f179d82cda799)
The package @apps-home-dashboard/events was found to contain malicious code.

## Source: ossf-package-analysis (b208b3ed7669bf037cc7d23b872abb052bdb075dd157b0f2a18d4ce4a0a4f50b)
The OpenSSF Package Analysis project identified '@apps-home-dashboard/events' @ 11.9.1 (npm) as malicious.

It is considered malicious because:

- The package communicates with a domain associated with malicious activity.

- The package executes one or more commands associated with malicious behavior.

Compromised versions (1)

  • 11.9.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.