36 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
EUVD-2025-134734
Malicious code in anais-papmoa-yama0paiog npm...
MAL-2025-180930 Malicious code in teate-thy-sonic-selwe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73ab9c0ad863c7f1263892cb683c7ba2d77239db174d1efe35251c704f9ee259 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-172726 Malicious code in affri-zidan-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66131e784783421656cc31ce8d41a75b1793f763b27b4402d9a0805a9512d0b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-141161
Malicious code in kapo-sadamuda-mimanua npm...
Malicious code in akanabi-aibia-bau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd4087f82cfe1f0042e05e33c3f3d231764c7ef3ac274603bf0abdd30b8682b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-165325 Malicious code in sabua-muhasi-nafaya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85245fffe58a8419e7d1c42902b316b129ea2901a3e0c15c7e0ce9de1221f15d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-160890 Malicious code in munir-butya-tssyu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88d4f0a9ef3b70f69fd1fc3598e2702964262bcaf3af3d51969470aedac01e9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-genji82 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a605b701b64087beebe6baab1614d10ca4d2b64cd5c3f968081182d794f497f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teagood-manaki11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea7958219df62531a2155b133dd1df5b2494734e309f0f30d65dd05094275505 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155592 Malicious code in hafiz-36 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c322091041c59de02afc3628ca58be55afcfa4aa5935c82b551154f2922b836 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156430 Malicious code in inal-poke43 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41e5bacee1b992da06840ac54e8d5864152bc646d88b02bbca449a7806cd724b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tadashi-tssu-renew (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6818a8a99356bd1c1cf31a80787547b40ec89346fb2f08ccc41c38eb28f61294 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142975 Malicious code in got-aurora-altair-atlas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63d68a0461ad4916502c60d7cd2211f6b03c381ea1d81803a7a2a11aeaddc820 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in upgrade-flare-delphinus-nodemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 956297c6f1c0ace19000d0b1b21712bf30dc8a296ad24a20dd6af80560aee5f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in revolutionary-cyan-tahr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a24a4fc770dffd96796dfb947b21138e36338d3ba6abbb7baccba46f8c1120d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138936 Malicious code in poor-sapphire-damselfly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65ee162fd526da4df56d69f605301ea0857b0794c46bb6f558559941d8ed7541 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fitri-rujaksoto64-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ca3acdd549265aca0d4f926930673667d6e490a736c5d58f6ea289e1db662b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in communist_grasshopper_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cbba07d998ab69ddc3505d406f056eaf5af784d3b73f89109417124125567dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...