81 matches found
Malicious code in @car-loans/deal (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
MAL-2026-4932 Malicious code in @cloudplatform-single-spa/marketplace-main (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2025-187992 Malicious code in mesosphere-nanotechnology-got-scorpius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51ddaebeed905bd3e4d2efb4932a9094e6dada95ad1d5541fb3cc456209d2d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in index-load-rain-gamma-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d20949a738fe2df26f0b836a5b31063479b6418c708853c3d50f681b0d06dbc9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185843 Malicious code in blackhole-jupiter-spectron-webdriver-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1990d42487cdd6a4de6dd5f0cdff5a1a1751c2f65f643b9dc21407c36ed0ee3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185084 Malicious code in sonic-ks-ahagfua (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53890a966b324c94532d0d4d4bda7de02cc717eca2172f260c912b79f0ca9bd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178500 Malicious code in sahuar-satidaf-fab (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86af7d383b6e44dba730a9bcee571a4efb12e05d0cafaaa8a5bb3844484840ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tanura-sui-dafu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6dbe6945cffd73663d1638a5b13e4d6adb70b5101d45eecf69a6b1f0dea27f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-172368 Malicious code in hereis-maniac-tanbu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9380ae541884a909cf86587fe05fc2dc7b4ab137dea2665fad39c509eaf89524 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in carloshenrique (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fa5ffc8bccf121ecbca5da41ba11811e9a1dceaed15d95e0529cfa5a9bc8ecd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-171392 Malicious code in jacobphillips (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08911b41f2ca716828b7d1ddcba022d721aae2f9a52eb62a320f71b15ad9264c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-160860 Malicious code in mundyas-nutryui-riadya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b548d5bfef333d4362e5f325f31962055b461905c8aa40735c33599e83a00dde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-84 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97dd5f585b8e286d947e458fe4b771e06b093b6a6a252a51f7796f0347d4bba9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dajouka-reta-tac (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9ed8241b5d9e5aa96f02af1ae354f15e04c2c311976c9f48236de8c7477d537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in diago-kulp-kabamkuloloi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ff55344787ac077f8758ceace865a2ad795d3fe619ae35ba7a6f7ae7f3bff3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nabuf-oguof-dusaboui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3dcedb18150479b1abbae98c7d6b94b3194c3a7f99631f55e6468365c68cc81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-arhani30 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dcd36820c08cfe1a381ac49083be86800eebaf2961f9fc2f26635a78eadd802 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-162051 Malicious code in neda-fofiri-agoai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5478a07a5e3317b9c2e1e70402bc0d5a46d502e61f605be5b5d10ad0a2a7dadd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150216 Malicious code in @mipta1/sauspf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a12ff3af3595843730297a60647948f1ebb849abaae9f7250ff40b49f2ae38a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-167445 Malicious code in teagood-nalikami45 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca9c1489b984f246612a3e213100b430bddc6f1172af0fa3f8f16e41d292b796 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...