3 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised
Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling...
MAL-2025-76247 Malicious code in wibowo-kue23-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6da87238f9218d54ff0e77a743ca772f11bcbaa92312e55a816914d5bd3c6b73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...