60 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
MAL-2025-185505 Malicious code in apollo-nodejs-helmet-loglevel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03f8efa0ddd24ff187a77bfbf2653e94f12a622525a7c6ac90cd8bb470c36f55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cat-minify-cold-reject-monitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32c65a38066677839d90818b4977e99e296362c59be875c64b11287406021b94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alphard-mui-gatsby-envconfig (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cb3005addfce76c80633ae60df973892cc0a170579a5315c529dcf35c96059a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189864 Malicious code in terser-antares-markdownlint-telesto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a63d74fa8c6808e660d5a31301107399d05e75ae04fa9ca5c2fc86eb0c04f105 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in itale-adci-ggpantekkkktolyu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a53d76b66339259f99b98e3e5225aa0bd456f92047b518f4704cb4238b06c67b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177980 Malicious code in polymer-gibga-aga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69d0e1160d19efbd2bde1114fa2351a20b9c9d882b4ad439e2e55dc5b772e050 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unimna-satiagobifag-naigis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4c591d8a4ad04a748a29faf33c86cc9bd97eb93c6d5d09a1b6a16eacd861910 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fahaddanish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a2707294dccc5e2ff74cf0588f6ea359227a521ab94f4e41b2a22d668a37e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in @mipta1/nihsad (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d6098e870329642861fe7d7fc6b002077bf0b03c1a4059c10d8e9605824baa2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in infi-gfobai-jigga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a16ff404f050987a879a64484fc30e852d65469b1a438ef3736f5873f124aa3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in abiua-mobani-ayumano (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ad515527ab3e4c838e6f6f4b03ba7768ef9eb56f15c0dc66b530ab00eaa4c66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-157215 Malicious code in jurss-zas-daaas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1ac02e03212657974ee64834c627bbf2675d9d9dbc7f13f7f9d45577b32d17f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-167760 Malicious code in teagood-sukuna1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f066415be82931a6d1682e6d0a0a286979c372f732bcdb65065581fc76d9753f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-162122 Malicious code in nokire-abimanyu11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29e9c2fc91d899a9e508fd1fefb9bd0b83f2ebc42ce0d06d7e7b80c848107633 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-161758 Malicious code in namadata-buntal-butya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f67c8841d42c3935b58ad59d728dae977f00cd1cbec4b2887544a7320b6979d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-158624 Malicious code in lookingan-namakita16 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b266ae854bfc430b8cf09f8fc13d322842d90a056ccb5c73f662e0840b319c2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in saku-au-idusan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cde4f56ba6fde4f9876fdba24adade523613b86e3e89d21136540eae11d48d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alita-poke34 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2340d7f981f1e690c72524cac5283735f5a5cf337b3e9185667d0a8ce61c0071 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mocha-ariel-wolf-auriga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ccd0516e5a02ce30bc9aa691ace0de847ff78b26204bb4998a2be28a48119c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...