178 matches found
Malicious code in @cloudplatform-single-spa/dataplatform (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4872 Malicious code in @car-loans/gus (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
MAL-2025-186266 Malicious code in concurrently-fork-blazar-helios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46e2cfa382a69284deda13d32454b9f9e9e1ed3c213c197f1ee60c093e7277f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in neuromorphic-cybernetics-cosmogenic-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 160b9ee422b1614bc10ab76b17cfd59829dd820e115922f452f8253b0f2750f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187272 Malicious code in halley-unuk-hyperion-sedna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c9506d8e26da1a023822ac60bbd1d414afd9ff2d27728755bfac524a22a8579 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eigenstate-spectron-loopback-wormhole (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0460ccbfd41e51a0714ef69bd00401d3487ca8ab7f70a90e0377723fddd725c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190423 Malicious code in yaml-chi-cloud-nu-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f23374d8415feaec69ffee45d782c1abaca7d176af8b9626e1a1ce2395eb60d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lobac-ubb-afa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37227faef04f109d8d7ea10d274503d937ede9f361b00722bfb76df38f5b01ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183640 Malicious code in mahnu-noy-gitsogapo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f5e7e4abaa93bf15bca06857d17ded1ead747ad733b68d361eddac437bfd95d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in flights-ilutg-iduhisa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0b31c70d46bd76f0e997e469790865ebf9ac8591572d39048e0d42685af3299 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-179483 Malicious code in anabuyil-inanhu-ninni (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0631d72fed46cdb91ad5762151f9b9c07a819a6f1faaabfdfd54f69709bea34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180449 Malicious code in teate-thy-sonic-gutaha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fa8fa713f088cc3b663ff0d9c601a4d23f28156feb8c10246dc03f926f865eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180186 Malicious code in teate-thy-sonic-bazer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e58ed8f9415ccd9b15cbaee3f16790b39d1557099a06304e41cdc4cec7cf6c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-179009 Malicious code in tearich-ralat5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f065aaa52eca920beb2cac0e4dcf8c4b1f020a96c65078cc5f5292bf0a1500c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176687 Malicious code in nuilva-bavaim-rasysi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04d6deeeeefbb268b867cacf7220e15990d59fb1f110355d1a71251d0dcc0f73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178511 Malicious code in sahuar-satidaf-fagubaiao (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4d45f1fb8136df3dc7a8647476a516bbf215f712c40d16602682623bd592847 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-175817 Malicious code in kupaio-ulokia-jakai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e034fec80ccf12c1a68623522d16568dd84357b32040bd068ca8dceb79b4079 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...