114654 matches found
Malicious code in ratelimitsucks6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebbee718bfa55eada8a2d56c9ea228e7b661364827e71995fd456027df7eedb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-6128 Malicious code in abuden218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e1df12b592dc442d5266d4244831fd0b6ceb94c0960a26815f5fad3246b828 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-5918 Malicious code in nottuff7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15a5e98054661d6eea29d8120457ffc7e00d7b516223a5fa6ec91355e9434652 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in registry-apex-seismology-ichnology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc0e74f615cb57fa334ff9dd070697aeb39697d41fa7ea06d55847b0e2cc7b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kappa-encrypt-public-rho-boolean (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 656709df41c0061ebd217bc1f9d8008060baf2008b8c7f3bdce9147727b37576 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in darkenergy-janus-firebase-chalk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27594d376e7c3488958eef232401459e1718d977f3910af62ff4d9fc27a3551b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in promise-jovian-cli-nightwatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce7920e2648fd98b014ba6e5691d3aaa8d488968c54a9a951d7f0f09354f62de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in entanglement-levels-leda-quasar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e292447f2134db338338d63f8b2a16b4bc83686c388f6b6c05cd2d77c971844 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tool-tailwindcss-cosmology-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 024cbd055f4aa386cbd24118ce725f651db3fc425f37acf6453c7e535d8d1d1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nextjs-shelljs-centaurus-singularity (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55363b3a5905f100f53657d0b726caa73dfb097b64c18ebd0409751dc343854 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in balance-public-new-object-nu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e4bc6026cbccdbd46d399f7ad4ad79e78e3f51369f9d5a0619d82b3a0f75f5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in emulate-signal-psi-void-root (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7161863c004244de5cbff28eb8280d1b4c29469e0d59d63306be032cb0dcbea3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ora-polaris-uranology-planckscale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c94ca100618990dee2927e23b7d9bc5d41e43bd37867540cbad3756c8b7b740a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in framework-release-it-fornax-non-blocking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b7d00319abd576e303397fbe78c43c769e871f30b6725bd501a0203e38c58f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chi-error-kappa-shell-error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d52be924692085514a7ac69e4324d76070a96c0a3599cbe5efcff36f82206d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in singularity-kuiperbelt-loopback-fermiparadox (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1afa76f7fe37851e702aa99f703e08b3365b03f94bca78843a30a75678da27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in delphinus-tool-sync-geckodriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 309471f78b1f61e3fba41e092a36d4ae761dc2439a6686d82cea711c93a982ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in polaris-juno-taphonomy-membrane (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57aadb0c6fc2fa048e9640b5186c58a3bf3c7e138f166b104d24916c8d7d6286 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in execute-java-short-cluster-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0078f37af1918262289019391ff05bf9d93d02c69489efe7d3c4cd18bc998f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yaml-iota-jasmine-norma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8425bb6b7f07910bd25a68dfefcdb32430f54afe0d64a10bd237cf2ec705796 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...