Malicious code in rigid_swordfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c84c037c3f89383cf4e074d21a1a3a158223b46a7061fc7b9b6f5c03df32d0a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-112684 Malicious code in anonymous_dingo_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fc205ffe0192b0ca346bb41578f99dbf16c62c8bac90b46dbd5595f884b9f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-113240 Malicious code in crowded_cat_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0feefd38f929582bc09430f3257321ff9a57440671a7041a84c9e74446d30742 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-78582

Malicious code in pregnantdogz3n npm...

Malicious code in outdoor_urial_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66e095cb99e0fab1ff5b672c94a590260244e34d0dd08cd5f206324e2d93a7ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in broad_warbler_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b8dafab7ac587d14c0bded87f0ae8c5b54c874875a00957a068b0e826fd957c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-95822 Malicious code in overwhelming_buzzard_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 642cb9d135ad1b222db0fe628fb59c5590fdec6f4018baaba1c764e3737ed165 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious Package

Overview cafebasicsduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

MAL-2024-12352 Malicious code in stationschedule (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1fb915cfc661cf3db3f6022ea50272f12924e983b9791743ef639129cbc82d50 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious Package

Overview apressmoysklad is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using apressmoyskl...