2 matches found
MAL-2026-6160 Malicious code in firebase-readability (npm)
The npm package firebase-readability published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
MAL-2025-80729 Malicious code in putra-ragi17-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1612e28f0e8005bae187a9f05bdda240eca45b8894c896014213072378086d68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...