9643 matches found
Malicious code in leo-connector-mysql (npm)
The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in quantum-computing-less-loader-mensa-css-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eefb4c011996c06f58eda7e1840993e823cf3eddca4bdc92a366643fbc9da57c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chalk-resonance-triton-mineralogy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bf63178531eb1e18ec7be76ee8d7757e6690fecc2d546232fa954284ad7bee6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185490 Malicious code in apex-fork-jupiter-winston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27abde9d095ffe2c468fec2bb75102133f4803428db20e669e77b0057e79fd5f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188486 Malicious code in oscillation-readable-supernova-karma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b51ba16ddec20c5fa98e0be10274cb14d7ed4c223f9f5a94cd339d2118dff1d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186319 Malicious code in cors-standard-epimetheus-telesto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38a0e58885cbe1280ac15b1de772db340d444deeaad728af9524fe0139441eec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186412 Malicious code in csrf-relay-miranda-halley (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f899356aede6a0e064a4ad0d787f45e899605f276b16981fa45ad710d5d7f054 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187929 Malicious code in markdown-paleontology-antares-quantum (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d46395b1e046730a6f0bddc7e1f77cbf6bb8fdaa009f76bf1a87f5c99f0bd3b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186687 Malicious code in eigenstate-gravitationalwave-config-ora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1ac45b72547ad9810a75d1263cb7b9a765a2eb4ffc477983e5b99f4890b2e1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189565 Malicious code in socket-decrypt-tau-big-compress (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 849529486d9d0d589a18e25c834f7a59aeec5d0fbfd60317298188a31ea6ec62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186519 Malicious code in deimos-polaris-gridsome-magellan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2d7daf5a58341775641235bf8ae1045625d4dfe06b3b0772252ddf9a2d15bd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186360 Malicious code in cosmos-framework-gacrux-pm2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cd2a9d5b7263324033c43fd921ffc4f87609c2d056fd9ab0813eb4da595dcfd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186314 Malicious code in coronalmassejection-sirius-morgan-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d80a0fc837162df43771bbbaa03d52e4c3a0b2bb5a2cc9e42a63ae33dfe82d0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185853 Malicious code in blaze-figures-auth0-proxima (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 727dfde69f223e063e6c105bee12a8dd3b764b31aff3b3d9533313df6746f169 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190190 Malicious code in vuepress-centauri-transhumanism-astrobiology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bdb05993db85d17c64f179ee15f5d3d4425016c0f6dd71699c1b011dd854db6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187082 Malicious code in gacrux-farout-publish-barnard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 452c960aa8905735a4d5f1b36b9b11902ec192984de6bf397eedb20365903d7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-luna-nova-triton (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1247a887e7b5c2f9fd964d4f486657e8b0b2f0cb3db19d32b6971e95515ac6f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in child-process-stratigraphy-subduction-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e7c49dd3945225b658c5a51f33c18f72ccbb43fd246685797fce72947468f0a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cressida-indus-epimetheus-borealis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86889f7ce22f369521ce2fceeef29b4481464a118b534f7a620ce86b6d283dfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sedna-semantic-release-meissa-winston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23de4acbd096d7b2e9443bc9c267dde65252e7ab561fffd7d05d00627a2595f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...