9643 matches found
Malicious code in leo-connector-mysql (npm)
The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in quantum-computing-less-loader-mensa-css-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eefb4c011996c06f58eda7e1840993e823cf3eddca4bdc92a366643fbc9da57c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-luna-nova-triton (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1247a887e7b5c2f9fd964d4f486657e8b0b2f0cb3db19d32b6971e95515ac6f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cressida-indus-epimetheus-borealis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86889f7ce22f369521ce2fceeef29b4481464a118b534f7a620ce86b6d283dfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sedna-semantic-release-meissa-winston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23de4acbd096d7b2e9443bc9c267dde65252e7ab561fffd7d05d00627a2595f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in perseus-subscription-quito-uranology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5366b5b7b684a3e273fd85e0ab2aaaf8b1272bc3ab21fb5c112c75452dccd5a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sed-node-shell-long-authorize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47dbea484e2f034bcafe78fcff9695ca55f3168bd8a89e8c7efa26d6412c6720 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in html-webpack-plugin-multiverse-proteomics-blackhole (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f04dd975db833fdc723e01450c24356d92668375df821a448e8323c02bf11fd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in convict-writable-webpack-cosmogenic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97564ab9fc4db43f4230b9d93ccc412d62ff1b73b25e6ee7eeca8c3f4298df7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in taurus-heliophysics-commitlint-config-angular-superposition (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3142a8b96d0c8015bd6d17f6e9038ce57ea590fb830bea588d1c9105ba3e48ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in genomics-lightyear-mesosphere-wolf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1443676fd94c32ffc79df6aede4df75f935ca9d1bc99e7c99bdeb9e440ebdd1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in palynology-singularity-multiverse-writable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddf181405e98b25615c7f5560a96bf0c66c7f8b1fbac3fc96c374237655bfcd1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in superagent-spica-thermochronology-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ec50c246cc07218078e19d20338414379d5b01b601827c8bbfd161e1c47296d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in planetology-phenomic-accretion-galaxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 965e1b0010f33e8ea2e875abf1ccba954eb7ad0cac0ccb41e741e8016b3b5690 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in glaciology-wormhole-cz-conventional-changelog-oauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99a8e1427315241f9ca0e6b823c4472689c97f4ce67871133412359ec0964a80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in playwright-sqlite-neptunology-quasar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58da81d5fc794323ca39eade6fac2190d7362bfc3ea12fdbbd7e7a487f50081b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jasmine-cypress-gravity-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c35dd10a0b5c8d4d8b08bd196f82196d1f827f8aa2da53cab2ce753a17487cad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ora-process-config-public (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58331212cc0f05b5a88802d3bc412dea4831f6640dc60ac64b50a9c4de0a2432 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pm2-gridsome-playwright-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f83d04880b7d838f22954c6d4978d7d43413d986bd2f4471a604b357fa97e49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in luna-zephyr-hugo-fusion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2659334214262b9e688121710ba3382e3ea0f485ee7251775693554d6ad20f91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...