→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
52
patterns
34
size
35.0 MB
versions
292
AUTO-PUBLISHED/npm/
ethsmith@1.0.0
by webpalms
Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
55
patterns
16
size
13.6 MB
versions
6
AUTO-PUBLISHED/npm/
@xemahq/kernel-contracts2 versions·0.2.0→0.2.1
by edup
Consolidated Xema OS kernel wire contracts — pure types + zod schemas for the 32 kernel protocol surfaces. One package, one npm scope, wildcard per-surface subpath exports. No framework/runtime deps.
steals →npm tokenAWS keys
reads-aws-credschild-process-spawnreads-npmrc
weekly
—
/wk
h-score
64
patterns
3
size
2.1 MB
versions
3
AUTO-PUBLISHED/npm/
@jacob-ebey/almostnode@0.4.0
by jacob-ebey
Node.js in your browser. Just like that.
steals →AI API keysChromium logins→ sends tohttps://github.com/macaly/almostnode.git
The Aztec CLI `aztec-cli` is a command-line interface (CLI) tool for interacting with Aztec. It provides various commands for deploying contracts, creating accounts, interacting with contracts, and retrieving blockchain data.
Aztec is a package that allows for a simple development environment on Aztec stack. It creates a Private eXecution Environment (PXE) that listens for HTTP requests on `localhost:8080` by default. When started, it deploys all necessary L1 Aztec contracts a