13 matches found
Malicious code in field-plus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0112dc4801bb261e86a2f68d5fd49b6c955bb4e82f872c72e61e49cc638ca91c package.json declares both preinstall and postinstall scripts that run curl against a hardcoded bare-IP HTTP endpoint http://3.7.226.146:9000/callbac...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in nebula-outercore-promise-lightyear (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66069e88859f70dd33e442af467828063afd118ead677224c580a78b092e7d93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176515 Malicious code in nokire-tanjiro29 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80845458c29519f2e5c34b210c97e2e6d4feb95e05b882e0d9faca1dd44ac6fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-97978
Malicious code in innocentwormz3n npm...
MAL-2025-129244 Malicious code in oktafian-sego44-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1fecf663cf2789e10fb7d1aa17449610ecde65885d4cd795c5452676cf253c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-93624
Malicious code in zaki-mieayam69-breki npm...
EUVD-2025-68424
Malicious code in putri-menjes99-ruro npm...
Malicious code in faithful_aphid_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 351c4d6add695be8b8e6dd5c2dfb22f3e5de93efb310bc14ad495aa26c664c6b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-72021 Malicious code in bambang-bakwan36-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea3c63df6d8194d32d89f20dfc94f76de8d82eb0b1a93a8c86574d6457e9a791 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in twilio-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20ffcb178cf9c4a8cc2e9e550a170ff42fa42a341a71eb80330990ce0fc4fe3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mp3-file-zip-d-ownload-25737-the-dividing-island-m1xnl-ssmrpa (npm)
The package mp3-file-zip-d-ownload-25737-the-dividing-island-m1xnl-ssmrpa was found to contain malicious code...