232 matches found
MAL-2025-145655 Malicious code in nova-configstore-envconfig-winston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4ce7ba149dfab81053af19e5fda3cd4e6ef2373a58b40e024f4b6e06cd32a76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149659 Malicious code in xenon-repository-radiant-configstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d46799f01c1add7c954c79d53f8c463356b37c7c7e01ecf694e3104e98508858 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148189 Malicious code in spinner-configstore-lynx-rate-limiter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3ae63f9bdf59bd6c85aee247ecc80ee241e3e6ca01ddf21e3b29e53c823f97d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141048 Malicious code in configstore-dotenv-safe-chakra-ui-corvus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f2f08d540754dbc9b32830614d963586b1c8b2127b590941f2f7003486f5ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149224 Malicious code in vulcan-blitz-got-configstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f3a91dd5ac69a536e196591b1be2a0ab84547b5642fb5b934f4f6ba732d14a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143310 Malicious code in hermes-configstore-eslint-plugin-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3bdc04af03af34bd15360b61efcf854164c41b3154458686a6e8af98453a21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146420 Malicious code in postcss-protractor-karma-configstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d16675a33058376a90e011bd1d015a37a8d8b845bea120f47975b1d70153514a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-113400
Malicious code in frontend-nuxtjs-configstore-middleware npm...
MAL-2025-148181 Malicious code in spica-terser-configstore-taurus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18813c3e1ff9705d5e8cc26b5c1dbbcfc10f8bda51eec707edc856eeba57da51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-124807
Malicious code in module-nestjs-convict-configstore npm...
MAL-2025-146363 Malicious code in polaris-repository-ignite-configstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae54010ef3eed19bcf96488eff384a8b20c5631c658cf381d8e92f2484cdaff7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139480 Malicious code in apex-html-webpack-plugin-configstore-polaris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 775b8b2c4b1d74cbab0589fdfa152118eaaf2aa7aa84d5514a8cd43e5d42bf6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142712 Malicious code in frontend-nuxtjs-configstore-middleware (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed224f2d4c4313c0bad8649b36a558e5a593b3dbbab706401a7a9e60a6208de5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146710 Malicious code in proxima-configstore-postgres-altair (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 780dcbaec41c4e20250e39de2cf359cc95f8977765f504674d4df2184b60f365 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143566 Malicious code in indus-hercules-configstore-wezen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d83c7c59ae73d562061dbf27cde47d80227afd7131763b615526a60ec5c807a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142214 Malicious code in eslint-configstore-transform-zenith (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96b2652a5d2256805c259c8f94e1244bdb3de2f2d085378bebf0f43237998140 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140716 Malicious code in chariklo-zenith-proxima-configstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4d16309eec2c4b68c617d8e3add8ee19c0b69ec68801ac360a1206f5773a74d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quark-socketio-configstore-remark (npm)
The package quark-socketio-configstore-remark was found to contain malicious code...
Malicious code in configstore-graviton-halley-polaris (npm)
The package configstore-graviton-halley-polaris was found to contain malicious code...
Malicious code in mongoose-quark-configstore-dotenv (npm)
The package mongoose-quark-configstore-dotenv was found to contain malicious code...