19543 matches found
MAL-2026-6136 Malicious code in ratelimitsucks6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebbee718bfa55eada8a2d56c9ea228e7b661364827e71995fd456027df7eedb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in phoebe-sagitta-cosmiconfig-got (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef0e13ea76237699131190626c9abb30663026fbd8636c42b98e42d5707324a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in biogeochemistry-remark-module-cygnus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adae6019d62f9e018f84be98b737cae71b7abee0b11a6906cd18d6f03b4ca5d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in execute-java-short-cluster-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0078f37af1918262289019391ff05bf9d93d02c69489efe7d3c4cd18bc998f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xi-minify-bundle-sigma-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0d9afe7d7141055c0838ad1a3d5294b15a110475b4a168a1ba8da29c0f3f468 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meteor-meissa-airbnb-outercore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90614fd54ad4b93ad60971086709bbd736fc4d959596cc79df4ddb78e672937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cordelia-zenith-ganymede-mutation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52cc7a0b5ee7ab3c856d1daa1a376b8b8524151fc4f7a6b66551f0059afb40c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriverio-rate-limiter-wormhole-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 546a55ebdbc1b18fed5bbad6be8b757cfe2c4fa0d1f046a9d5deff7b296f6332 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webpack-xenon-relay-carpo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41180387bc28be755e6160e34bcf082bef42299a422d7d567cf3db2bca891872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in exoplanet-boson-readable-grunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2512ae5cd9511f06a762c8a07b26c5fba37ef49c4de4cafe77cec8408fe52ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in reveal-md-sirius-sequelize-nebula (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 968ce933dbdad8b347b9115160eb71c5d39ab52d322b18214ad9c9007cd336e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bad-old-deserialize-bundle-boolean (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cdce2dcf4be67b168c96fb9a58af64b1b400ef7ee5345b993348f76fcefd3c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transform-robotics-filament-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65dfde16dd768ac14d658dcc5d9aefd9d6e5e79e6df9a61fe8202c0c895d6480 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mongoose-supernova-transhumanism-gulp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f080f91fc223896f4b99c2ef315f355058984fd6c7ad8f2a112c9c4f169b8e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chariklo-dysonswarm-yildun-adonis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa477cd6897766c398cd57a2aea2b1d6fd733eff39b5ff57980aab03eac32282 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in function-assert-orchestrate-theta-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ced639df901c0d1de13cbfbcff06848335dd6fd1617517443157c3e3ee78e72c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cache-less-venus-supercluster (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 659212101cca38f059209e2f0da10a24d153b7169e257a5f1253c0a48b3eba05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in key-notify-stack-water-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87ddef8cbb3df6b03d480fc9b842a397d7dc55f271ce04cedca24e2d5d1065b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rollup-plugin-optimize-css-assets-webpack-plugin-bootes-polaris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a22361096be70425abad1a7efd5cf9876ee3807f16a6b9935376c78fcf0a8d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in taurus-deimos-package-toml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fdb160245be134cc43b3db4192ef85905aace2254ef9e168298ee0cabe4239f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...