npm

@marketfront/dynamicpageparams @7.0.0

Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC

Malicious

OSV ID

MAL-2026-6776

Ecosystem

npm

Summary

Automated tracing of this package's contents was withheld by an upstream content filter, and no a static rule findings are available to corroborate a specific attack fingerprint. The content-filter signal is suggestive but, on its own without concrete traced or static evidence naming a specific installer-harm behavior (exfiltration destination, credential path read, install-time fetch-and-execute, backdoor), it does not meet the bar for a published block verdict. The package should be manually inspected before use: review package.json lifecycle scripts (preinstall/install/postinstall/prepare), the module's top-level require/import side effects, and any bundled or minified JavaScript for hardcoded network destinations, credential-path reads (~/.npmrc, ~/.aws, ~/.ssh, environment scraping), or remote fetch-and-execute patterns.

Source: amazon-inspector (514b19e5c1b1245c9c2a18b89858e78e48cde1170365d2e033d128491234e36b)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.