37 matches found
MAL-2026-4670 Malicious code in skills-detector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...
Malicious code in comet-auth-html-webpack-plugin-request (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f5b037c3a10e0eb5d63054a411dd6a2daeb791121c669593b5602687a52454b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180444 Malicious code in teate-thy-sonic-govetu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e400349dd423c649a63e2abe31907bdf9249606861683dae14543a56685ff6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avminh-afaais-fifa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c91e9fc414ab2065cab9366f5add0ce960145b8f85a22c6c6b94a18db8440b7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163440 Malicious code in nokire-sekiya5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16aee50e16b6f56ea218ebde41cdb807fbef134bae86b51211fd34f7334c9bde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in delphinus-jwt-vega-style-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d56a0489e227f87a51124ec28f0433242c31269ba85105ff53e90fe143e98125 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143419 Malicious code in husky-global-lint-staged-callback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f4d5f79c4d1a26757a542e6f25f54750d63a47fed852f3fc6decaf700d2b8cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140525 Malicious code in centauri-configstore-postcss-mutation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7884d5cdca9b0f38e3eb11d3efc5f961ddf4fbca8e34096b1733d24e491d6bbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147296 Malicious code in request-iota-mensa-weywot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18ffc111b127bc95ca4640bfddcf8407cc9edca0f97c144e96552f2a1969318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in stable_mammal_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a4604a1826d54b7bc541e0631babd48b1612336836bf404c83038ddc5ba0e95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dewanto-buburayam8-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49a6b973bc3fd8765f5127c65c9a40c3ae2cb55895502c1245ebbefab9ba00e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lisa-rendang44-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a661169ae218b5c78a55be8db3598ce1e9a1098c119a9400f995136b4bd12bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-129077 Malicious code in ogi-empal53-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e005261bc2dbbd29adae45262dc8cf36050a7b41944e3b830a01f7914940fd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-115595 Malicious code in lutfi-kripik40-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b50d2f50e3ea23454d6284ab48da65ff4bc5b22501270dde3e72c66f0261c07a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hadianto-serimuka7-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9e2adfc1e29eae942dd62c49797ba7e24c7970eaf2f8c90e1f1554cd9439dbf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105882 Malicious code in misleading_catfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6671a6fb693d5963c094d2610b417ea9869b8349107785974af55a960c681775 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105202 Malicious code in liquid_donkey_0xrequest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29604ae48eddff7f00afff5ded42679896d7179a785b5be0ce12ce7c546d36a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-107615 Malicious code in qori-sroto43-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d0953b2c303a9c0c3c0e709cbf2b6e7f64f07d04aa558cc50f6db59ff8d5c96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in peaceful_amphibian_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8932f83d84a6d6e9c730e2cca8471862e1b7c70e4656beef1ccbecebbf66497 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in territorial_dog_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a311f875c6ecae863f6f86600234dac9e4a9adc2cbf167f8dca8a1600d8cb539 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...