1080 matches found
Embedded Malicious Code
Overview @velora-dex/sdk is a SDK for the Velora API Affected versions of this package are vulnerable to Embedded Malicious Code that delivers a malicious payload through dist/index.js. An attacker uploaded a compromised version of the package directly to the npm registry. The payload runs a...
MAL-2025-186451 Malicious code in cypress-technosignature-solarnebula-protractor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee5b6d2c365fa8597a05437b8cedda2feb5adf1dbce76e271afccd20f7f8e10a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185842 Malicious code in biotechnology-testcafe-cygnus-auriga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2756c79805bc9cf70d1ae96a1a009309dc842d56437d620e90834924c1731c81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in antares-aurora-mocha-corvus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 889355acffa58cb18b880f4ddd5e587f1056c8f5bbdccc545b03da310c4e347c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-alphard-winston-nconf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42520c8dc3cb5fcd945016e4d3fca6d736c2b65f9e37c7c765d7c18be63ba45d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chalk-stop-indus-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87bb8e1129a1d5a199fd42030542e91c8c409a534084d9519532cc4057e92cc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hercules-css-loader-restart-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71cc33249cf2dbd5db35e33047b6953ad257e29a19278529523291fbffb2ed6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in holography-hercules-janus-postcss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc0747bbcd6e1cb7fbbcd0dc7b214cd578ce9437437d5ff92c3122cd217d7f36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pavo-colors-taurus-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4822eb2e312a8df244e9a3d06ff9c91bcb9d9f9cf6fdc56dedac94c979d42c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quantumfoam-zenobia-reveal-md-yaml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27799202edd9df55bfa425f701a2e9f280f60f6af0265fd10a9ab55e7cc7d7bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rate-limiter-callback-nebula-electron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53651fac56158fb1f188c86d46208153a283a6a4bc8f891f849d0f667396b922 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179816
Malicious code in centaurus-quasar-module-rimraf npm...
Malicious code in miranda-koa-fetch-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0542faa9fd01fa72c958cf46a1d5a08f0ba4db727709a088052187230321c063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in paleontology-acamar-steganography-commitlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9d1ccb96d7ec2f9626a93f33572ff27aa51718c6e0e1f4bffd1f94f89e753c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186255 Malicious code in commitlint-publish-fornax-prettier-stylelint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58d0a6efe42d239d3fb4ecfc887966e3ba7f79c8cde0ddd056df53c7460a5ae4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in css-minimizer-webpack-plugin-vuetify-ichnology-redshift (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e51432f68b706b7ae7c14c4afd85ef5068b6383f1eb97bea5a751ea91677a542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in capella-indus-config-relay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68bfa28ddf0fe8d14595cfe49367f754f2bc29b2a834ca5172654283e2f49c16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spectron-mini-css-extract-plugin-enif-commitizen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77bf4632685f048e884c1d50e6b8ad6399db3c7078098bf8b61b8d61dd7d4b35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in postgres-soap-apex-vortex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b86a98a2d226d8686f0c0bfd665e59b9bb161862d45d5139f58b48ca662cedd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vuetify-firebase-darkmatter-mineralogy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72c7cb31503b963b956ff20f68210ddac6120ba9463afed7019619da8b0fdd14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...