154 matches found
Malicious code in @marketfront/customdealsfeed (npm)
The @marketfront/customdealsfeed package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/advertisingdevtool (npm)
The @marketfront/advertisingdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...
MAL-2026-6772 Malicious code in @marketfront/customdealsfeed (npm)
The @marketfront/customdealsfeed package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
MAL-2026-6780 Malicious code in @marketfront/footer (npm)
The @marketfront/footer package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious Package
Overview nottuff2 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...
Malicious Package
Overview imillegal4 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...
Malicious Package
Overview nottuff17 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview abuden26 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...
Malicious Package
Overview nottuff25 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview abuden214 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-4971 Malicious code in @cloudplatform-single-spa/solutions (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in clobprice.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-3969 Malicious code in @antv/g-webgpu-core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2025-189996 Malicious code in tree-validate-info-signal-abstract (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 698999b4d894fec9e7aeed2c3d4cfa851ccefeb92457f45e03cf92331e29f7d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186980 Malicious code in final-scale-static-yaml-debug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6ba87a36ae06fd4997f24c35c4cf6157601dad069a9c57e6ae8d43cc88aa435 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188494 Malicious code in package-pyxis-cressida-kastra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361f5359ea05477e4618166218c778fbbcf5a35803867aebdfcd432e29c7d74e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187748 Malicious code in less-astrochemistry-ceres-halley (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce97bc6d36bcde07bce91a015dec579ae6795f061e92685f77111fbb9c91bc6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sahu-sautuga-infaruduit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9682a95a841bfcd2baa27990bd1bac09b5acf4ec4329e09211f0852ccaf89bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in digo-kaim-liamkiaainor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97313c25d17722c90634852a715b6148c7e843496cba5a293b1c3a0050eb51c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...