1080 matches found
Embedded Malicious Code
Overview @velora-dex/sdk is a SDK for the Velora API Affected versions of this package are vulnerable to Embedded Malicious Code that delivers a malicious payload through dist/index.js. An attacker uploaded a compromised version of the package directly to the npm registry. The payload runs a...
Malicious code in rate-limiter-callback-nebula-electron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53651fac56158fb1f188c86d46208153a283a6a4bc8f891f849d0f667396b922 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188378 Malicious code in oauth-neptunology-lint-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95c4cc16ff1626173c0195d83335a1da888d78e5e7a6f5e830831b1ee8647d3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pavo-colors-taurus-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4822eb2e312a8df244e9a3d06ff9c91bcb9d9f9cf6fdc56dedac94c979d42c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185386 Malicious code in adonis-cosmos-eslint-plugin-izar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f51440d13be3a94db6138efdff6d65f7d866cbf0118a7f11859f4508a808663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in miranda-koa-fetch-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0542faa9fd01fa72c958cf46a1d5a08f0ba4db727709a088052187230321c063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187065 Malicious code in fusion-inflation-dactyl-webpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd7df62b134bcc7afb6138cd72c0148fe9828de23d7012fa0e5c0c2047e9063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189126 Malicious code in registry-firebase-bunyan-prettier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82d9b7fc7f6514023a049e5263cfac52ab080b751f5f9d2fad7965815713cab6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186243 Malicious code in commitizen-radioastronomy-steganography-grunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4570637a2fc26f6065d9a514ce97d5a5427454e1864df6aeeea4fd1563720406 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in css-minimizer-webpack-plugin-vuetify-ichnology-redshift (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e51432f68b706b7ae7c14c4afd85ef5068b6383f1eb97bea5a751ea91677a542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quantumfoam-zenobia-reveal-md-yaml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27799202edd9df55bfa425f701a2e9f280f60f6af0265fd10a9ab55e7cc7d7bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185990 Malicious code in callisto-hyperion-norma-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0fe17e81c29306f1f25e84d0a6731bf3cf77c77932e4fcd2d1cd2459925b626 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186255 Malicious code in commitlint-publish-fornax-prettier-stylelint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58d0a6efe42d239d3fb4ecfc887966e3ba7f79c8cde0ddd056df53c7460a5ae4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hercules-css-loader-restart-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71cc33249cf2dbd5db35e33047b6953ad257e29a19278529523291fbffb2ed6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in postgres-soap-apex-vortex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b86a98a2d226d8686f0c0bfd665e59b9bb161862d45d5139f58b48ca662cedd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-alphard-winston-nconf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42520c8dc3cb5fcd945016e4d3fca6d736c2b65f9e37c7c765d7c18be63ba45d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chalk-stop-indus-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87bb8e1129a1d5a199fd42030542e91c8c409a534084d9519532cc4057e92cc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in antares-aurora-mocha-corvus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 889355acffa58cb18b880f4ddd5e587f1056c8f5bbdccc545b03da310c4e347c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spectron-mini-css-extract-plugin-enif-commitizen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77bf4632685f048e884c1d50e6b8ad6399db3c7078098bf8b61b8d61dd7d4b35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mui-meissa-subscription-event (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e80d941c3ae4c03da2554b9884257c7aa6be8bde051d376559e56e35e912880 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...