12 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in tiara-mangga31-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6504688725d519a6ea30603d7d28a6ee021fc4315d0a3059451842e5c1194730 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in galih-klentik74-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a378372f1ac8cd4612b670b0907d61764a76b569bcbe15511f30ca3fc771a522 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130992 Malicious code in vera-sego29-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e354e7fbb615da18ef1df87a4e89a86f003ca79fe4200b09704bc04826677c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sari-kupat87-kyuki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 400bb0df76251d1df4eed05aae76abe85701a5034237e8ac199080ac4431fe75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hanafi-dodol18-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b545a112d19f5d3e6dc452f793d5077b2947912f2fc99fd65d3ecbdffe03f240 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-79309 Malicious code in joni-lutis57-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d9b2ab2deef96497266329b1c0e0de853852ece15e998cd4ff1d13556008fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in siska-kupat61-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da465eeebf5f0fb1856b2d210b36298da390cfcccfdeda55e099a694887f08f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-tomat38-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb4629e995257c2d1d31217ac8d33afc27a7e01a1fd02333925eb3704dc09ab9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-72339 Malicious code in cindy-jengkol51-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a141d1c25f1f5c9a36feb331701f5c046c3afd2b09388cc23c0c3b247045c2fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in candra-takokak92-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4b94aab6bd9c02998dac8e89926e7de48d9867e6e1cccbf0982e9a0325337c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...