Malicious code in chai-as-tuned (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e00f81e117716cfd7fd3565cf8b04073cd494a6da2c23749669133806a7473 Package name chai-as-tuned impersonates chai-as-promised and ships a README copy-pasted from the unrelated pino project npm/CI badges point at...

Malicious code in @qwedqwed/axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 119efce3cb464ef8c7b605ec49768619ac9ef49b9981d4b0a530ff1829194b8c @qwedqwed/axios republishes the legitimate axios source verbatim under an unrelated scope, copies the original author metadata Matt Zabriskie for...

Malicious code in @antv/g2-extension-ava (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/chart-node-g6 (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3650 Malicious code in microsoft-applicationinsights-common (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

MAL-2025-184092 Malicious code in mlokok-lfki-hakumajiausubi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7acca2e524d32626d2fc84ea7b162a842d20f4683996132407e7a05c6e59af6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in baso89 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08531dd6386f4b370db1bfa2bbb50da4539c83cb1d4d2686b7a729bbc4109195 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-176883 Malicious code in nuragi-sutafia-dagiug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b8f6d968dcfa45e30a31c086fd25798f3a57123f840bcdc4681c74195dfa8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-176999 Malicious code in nuuur-zidan-tea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05673a8df673bb19d5454826b918db1b16efc542fa2caaf8a45162219406c63d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-178312 Malicious code in riya-31 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d81629a108c1c22751904c02fdca540020590588011d855c481b9775f8a2895 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rino-poke8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfe19b42dee89c876b8d299f6694aafda05151f80e1f085389221e508f1aadfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-153133 Malicious code in avminah-fagimas-ofisugooagafag (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb81634debd98ee5ccb53dd1c8dc99f43a93e4dc3744255f5631b0e355bc8d02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polymeria-nuyiagtso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d709c4d157bb883e2349a64e5be6b5c93de8bd2dcfa85c83c2f2c5ab08cc889 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in slamet-poke12 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cd7fb75efbc637f36190ff59be2616a744c68e52c116f2ee378ec29fbcfa0aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in teagood-manaki73 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c73abe2677c0f4a34d74b7d78caad46b26bcdeec6d8394a17280a177453a8383 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avminah-fagis-figa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90cc9c731ede30beb59dc483904da696a9674e1ced0435e89f1622d0a2eeb2b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rino-poke22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8c4ef79819928acbc765b0e013e77727aa5ef1319bda94a1174eeb34774885b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-164975 Malicious code in rita-98 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9508b9a417471b3af8ded6f50a1f7e97c2d9ca74d1b7234a0421a7c1f8b22fed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-166233 Malicious code in suharta-poke99 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adf5349c3617cb10b65df1d736d4d2c5cc5865c2241ff9fbef0404baa28dfdcb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-120122

Malicious code in yildun-config-electron-ophiuchus npm...