13 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in phi-shell-old-old-pi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddbf8b98f48373b31cbb5f1e89f4a12dbe3f2261af644871c9045b89528e7622 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in saturnology-fomalhaut-geckodriver-resolvers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2caba52a6e0c88328d81e8c122e414d91225f1c1fc9d17f8a5aed4ff943da7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manadsi-safadia-naisop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b493f74dcb9c3fdb730c73ac03c1424b7c863470f9ca8a180179a3b1ba3d54e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tealove-darknest28 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18d8a2dc0ea2daee10e5bc5b75038e5c23e54f80a51b8461698a7735acdc57fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-164721 Malicious code in rino-poke72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd2dc300682fd8d018656506f416018a65c18636c06c5e03807bbb0ced33b7a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-162785 Malicious code in nokire-lokcek31 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebe654f7863b260d7b2fd03526f34e58ba42907104c36c6f3e054a48ba9431e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in postcss-loader-quito-iota-commitizen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ff2bf6dc026adfb7fcf087d65584c298b75dd1842c5baff878381350cd0ad5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145958 Malicious code in parcel-europa-publish-carina (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4a09bc38436786092d99a19e3bf9e0d03927398fd2aeb6347409e17722db57f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in electric_cobra_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f95e979f1d505ae5f4b9292751bae87ce484324cffd9eb4e83a1fea8f6f68a7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125773 Malicious code in dewi-kemplang46-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65ba1e48ff3347f9ab278e42047ddd3ff545e56beccb24f9d2056ecac3b5c445 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nana-soto72-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec36782ea3e1ddf198195fac7a3514c7224032dd7ba9ceb1d663ab058fbca4b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-73383 Malicious code in hendra-lepet37-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d03bba21bb2a8a4c9f43bc832b3ff89218d34a50584e4cee0af0341f25cb2e67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...