19543 matches found
MAL-2026-6136 Malicious code in ratelimitsucks6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebbee718bfa55eada8a2d56c9ea228e7b661364827e71995fd456027df7eedb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in execute-java-short-cluster-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0078f37af1918262289019391ff05bf9d93d02c69489efe7d3c4cd18bc998f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xi-minify-bundle-sigma-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0d9afe7d7141055c0838ad1a3d5294b15a110475b4a168a1ba8da29c0f3f468 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meteor-meissa-airbnb-outercore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90614fd54ad4b93ad60971086709bbd736fc4d959596cc79df4ddb78e672937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cordelia-zenith-ganymede-mutation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52cc7a0b5ee7ab3c856d1daa1a376b8b8524151fc4f7a6b66551f0059afb40c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in got-callisto-whitedwarf-gammarayburst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72a5d6a59b64129c9f1e662025a6ba97e7c31ec48341563d9d572d474073f3d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in html-webpack-plugin-taphonomy-test-coronalmassejection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a99d7d629d5fe69287d00c673ebe7807540a4f91baae901f955841b2b66336c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriverio-rate-limiter-wormhole-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 546a55ebdbc1b18fed5bbad6be8b757cfe2c4fa0d1f046a9d5deff7b296f6332 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webpack-xenon-relay-carpo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41180387bc28be755e6160e34bcf082bef42299a422d7d567cf3db2bca891872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tectonophysics-farout-cordelia-darkenergy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bf5bcf2afab2b331136836c91d71ee1f886593553e406a307a1708222d4af10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in export-resolve-theta-slow-refactor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38a82e294ea324bca472096d25a02a11bb79c13ed4c1729e7d4735c3cf05ccf2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in exoplanet-boson-readable-grunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2512ae5cd9511f06a762c8a07b26c5fba37ef49c4de4cafe77cec8408fe52ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in reveal-md-sirius-sequelize-nebula (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 968ce933dbdad8b347b9115160eb71c5d39ab52d322b18214ad9c9007cd336e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in stream-build-ganymede-corvus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24b83fb6af139dbb9bbd46a83057ddae76e5bac4e17b4d50dc4543a894b03951 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bad-old-deserialize-bundle-boolean (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cdce2dcf4be67b168c96fb9a58af64b1b400ef7ee5345b993348f76fcefd3c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transform-robotics-filament-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65dfde16dd768ac14d658dcc5d9aefd9d6e5e79e6df9a61fe8202c0c895d6480 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mongoose-supernova-transhumanism-gulp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f080f91fc223896f4b99c2ef315f355058984fd6c7ad8f2a112c9c4f169b8e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chariklo-dysonswarm-yildun-adonis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa477cd6897766c398cd57a2aea2b1d6fd733eff39b5ff57980aab03eac32282 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in function-assert-orchestrate-theta-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ced639df901c0d1de13cbfbcff06848335dd6fd1617517443157c3e3ee78e72c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cache-less-venus-supercluster (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 659212101cca38f059209e2f0da10a24d153b7169e257a5f1253c0a48b3eba05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...