467 matches found
Malicious code in commitlint-exec-webdriver-manager-ini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a29c972093ebe62f0e65806d1b9a7bbb36b4ced01737a961f52681337efd871 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-120680
Malicious code in vulcan-node-sass-commitlint-config-angular-puppeteer npm...
Malicious code in proxima-commitlint-config-angular-pyxis-fork (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4de913c34169e8ae4ca886f994f10fbfbfcaf2c7d8b2398a257a5389e21b76c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in farout-fornax-nodemon-commitlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9559e0d1b441f1ff05b3f0176504f575e482ba3e7e4893adcaafd3545abdb08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140981 Malicious code in commitlint-event-hapi-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2c7e4542e0c1b82a096fb6fede5659820f6472f2fa073cce4034c27f936ac04 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146527 Malicious code in prettier-yaml-commitlint-kinetic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84197f8f3211ebef49ce9b3018f98351e783404d7aee0a1de774671d75066fa7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149615 Malicious code in xanadu-vortex-commitlint-electron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d64f87e6cce76f6ff4efed0deb7484278a6ba8041ff40ef0ff4b4e35deb5ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140980 Malicious code in commitlint-equinox-antares-andromeda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf9f4821f0ee99f48562646d82f3f69fd8b7ec96aa2acfa28f0dfb34f662d098 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140997 Malicious code in commitlint-xerxes-deimos-adonis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58244559fbbee2ea59e05e1acb575ed0ce8db9e247dd3b432925e94666a5907c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140995 Malicious code in commitlint-triton-less-loader-umbra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 359f28fccd67ed92da7ca0e7b2618ad8b2231c15a5d76882a1f4682b81ed5219 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140972 Malicious code in commitlint-config-angular-ultra-ariel-nodemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a5ad258019d17cd509e8f6df52866f9c59c14140aee5a0bc52dfe9f6b0071a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in commitlint-config-angular-webpack-wasat-ariel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b38732bb40f27e5ef5078f17e319f036a03a4a5baf07946c9d5ae86538d5462 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149249 Malicious code in vulcan-node-sass-commitlint-config-angular-puppeteer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bb779a176a4c829aea3911dc0bc2e0fc29f6318b8e37e107ee22406818d887d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140160 Malicious code in buffer-levels-commitlint-config-angular-protractor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac128b29c04901328bcb6420c6ca7c26bc5e847daa6dc52991d4dc227b7dbe23 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140993 Malicious code in commitlint-miranda-express-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e6c9729e5c963e5d34a195722b7e5ab7ca83819c63665ef44c1069c6b8d8b7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142692 Malicious code in framework-quasar-spawn-commitlint-config-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdf3c1ced05681da6b00f91ff5765d1da4c60751cf4ae4ef9f608e00d15fc266 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140990 Malicious code in commitlint-jovian-exec-figures (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2a83712f940d043472046dfe7c051ea32c09b485d15a401d1e980e1167464e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144176 Malicious code in kinetic-lint-staged-commitlint-config-angular-vortex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb0ccf783d99e2f174768c7a2d194db3957b6b4005ac8c4e3b73a310d979249d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +387 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...
MAL-2025-47233 Malicious code in @crowdstrike/commitlint (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e58c63ca78f39890835120723ac0ab398dbaddb3018f3b640145685ab38cdd93 Any computer that has this package installed or running should be considered fully compromised. All...