20 matches found
Malicious code in neptunology-gravity-start-interferometry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8e13aeeedf63928df41a9d4049871f5d598588d838eb4f63aa053aa0c350a1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in imodiov-kufni-uavcseqinsdayaba (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097b26d00445b9c3877e6ba680e76774c91c3e0d535c3733cdb892801038e202 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-157001 Malicious code in jeep-poke33 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0723ea5c2b43f8bc837497c34b5929eaec7a52900ec0a405fe1c75fe8369def3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-169800 Malicious code in uinsu-lis-amudakinbua (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 384683294dc1403eafae812acb6384930223305152a0a74c3604e85040bc3ed7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-158752 Malicious code in lookingan-namala40 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7757fca789d6b212925aeb32b6cc47f48ae06b1f360e6f11232946a92cee7a5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142483 Malicious code in figures-spica-halley-enceladus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 161b803565d9a0152ff60b29160803c2711840c6794f148fa262660e872d602c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144130 Malicious code in kastra-quantum-public-restart (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 124f32f9ca1bb4dec77e4c7dfd7d93584f92b71a291ca7d219c1c986fa6a3f71 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-134133 Malicious code in hendra-klentik45-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe95c4c21a3936f6b8dabb45ffd85c2343a6cecedee3e1f820423dbb71c7a798 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lisa-menjes39-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e51cee4b56bd2cb332d24d5ca38e759802a7dcae22bb0490b62f465c5372575 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lisa-sate13-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f2d33564e576554b0dfc12fe3eff68228d24b5d5e2cef58ffd24d830805a620 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in relaxed_tahr_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3498a37c561cec967356a831d3c2e5493754b7f2e473ab3e76b11c0b95af754e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-109347 Malicious code in surprising_caterpillar-apptea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2818b1d42562c88ef96765a31f32e1d1d1e27a5e20698ec74fd57698a016f9e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-103147 Malicious code in gilang-mendut53-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 516a1f7629c25876d3a11ecb9e3baafe6beaf7d6ccf144a040e78cfa41e234b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-58283 Malicious code in putri-martabak30-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1ec6e62b9ead939c043c6bff130c93854b6331f93dce4f9e5395d5a0795e4b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mulyono-teh61-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd53cec09bda737dc5d3c58c42e348694b5a08c8057ca6547eb498a465e5e3cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bcryptjs-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0be16faac6783f82014ca8cf99ad85fccf1d5e8a161d5b601a50ae9d6376727 The package bcryptjs-node was found to contain malicious code. Source: ghsa-malware 9ed37910e4f94c2d5eb3552347636ce0b38ce92c42cb7abf643ca2cffd60e8af...
Malicious code in raffle-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ac13d7c4af921223dbc9d7c6aaf194c6d5d3615ae0a6afcef4b4acaf1772095 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lucide-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75c571b67979d102e5ccf96df30cc81389915df3cafeda514d98b4ebd24ce031 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chalk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70949cc175e0ba67154b754dc4de76fc4a7dc13446617194a9993df6426f0cbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
mssql-node is malware
The mssql-node package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this module is malware, if you find it installed in your environment, the real security conce...