138 matches found
Malicious code in @service-suppliers/set_initial_loaded (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in ganymede-levels-changelog-norma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4be57e2d19eef99afd220a750db064df4bbc79106573179cd8f3529f363bbaaf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188246 Malicious code in neutrino-radioastronomy-comet-planetology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c5049737339f9d2c21434a980e4d0f599495860ad89b11345271bf74c80809f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188638 Malicious code in perturbation-blaze-singularity-hermes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71d94ee357e591d02062c95c64888251cbd977c18af9279759332c2d7380f162 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gemini-postgres-rehype-sagitta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 835234f600dc962131b0c036e7163ad52a55b2eff7514f87441427dbc9a88dae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in debug-user-pipe-sun-simple (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b956520dade516641ac3e4bf6e4c17f3370f200481d4157d05f06f415cd0915 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in build-eleventy-deneb-gemini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e60f9254d7e112b0cafa3f70a3f75b052568cb6aba5c5b36c30ab0558c2b06b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186565 Malicious code in deserialize-rain-stub-alpha-socket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fe3e3ccc671a2079a03fbc27a83e769b85746d020ff909b6623c07efafa20d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in beta-orchestrate-slow-void-table (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b227205aa0a92d0a25b8f20a2541e47d8cbbac034ff4a92b57769c69b8e6f11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189696 Malicious code in string-epimetheus-neptunology-vulcan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87799b6ccfec3c2366bd5ed81d245b37d7001448ecfa937c6f2af98929640806 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in callback-uranology-fork-rigel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d89126218c63ad6d2218e842a4434823971958bc5a20ea94a407d02e72400bbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189688 Malicious code in stream-sequelize-writable-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fdf4cd8fedeb6040c6b2bae5b893aedc5f019fba5512dc35e0ebc2a03cc4b8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189424 Malicious code in seismology-fornax-frontend-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 848aab6876b012ec2133173e8cad4463aa92d465bc85e151ff8357c7ec635ae4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185788 Malicious code in betelgeuse-cassini-lyra-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceaa53a75ecaa03edd7aa29ab318da2007e7edc0328de4c86c5f8b43089add6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182828 Malicious code in itale-adci-ggmatodnru (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 840d91dbac328559284f6498641d488f142b63a73b5581cbe6c51cef84875584 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in masolv-ilo-cvaginauvhu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 758489ddb1f9ea6629106c3984db9ca0b5ceac0475ca7f829c22c3b1043c822e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in butry-yust-mutyi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1eee2706d69768335f234f0d981603e6c07016b02318932760846f75314c58fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177711 Malicious code in polymer-afifa-fasaga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d1a4ee739cc7939fa78e199a01d85f2002bdc9c1a0df380205d25bd044bc91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in godi-tufuja-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10bd0c5433bce51b3cf0513a208555bb2997e44a567f2182be132bbb9550d8da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...