3 matches found
MAL-2025-95112 Malicious code in invisible_crawdad_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db3f0548f9cb52ab973b5b4de60e7fbf393932b6769d190e8b373d90ff1b5bf7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in poised_tarsier_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0352d31c0ef60cd4108a1773f927ff1ba45f8138cf926bf5a1b5b7202a1dc4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one...