1553 matches found
MAL-2026-4347 Malicious code in @devcarron/clob (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-4603 Malicious code in lynx-keeper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc28f02ae68bf5a1a57af8662180d7a8a040e6f32ad87abde9acdae508070189 On require, dist/index.js executes a hex-obfuscated harvester that reads /.aws/credentials, /.aws/config, /.ssh/idrsa, /.ssh/ided25519, /.ssh/config,...
MAL-2026-4157 Malicious code in uri-parse (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in encrypt-meta-authenticate-log-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b652ac77988fd5095d31173051f104a9282bb6428032f99261ebbee04f6289 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in iota-centaurus-blackhole-cosmicray (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe9edd2d1e8b436561ebe0f717ae927f48886e57234216c51efa7ee60e1199be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in polaris-backend-rollup-asthenosphere (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c75e945aecd446f0bba0ce1b9c53ec6e16c4e3159cd012093ef624baa26afa93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in buffer-aldebaran-norma-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31792aa342017830dbe9af17d27809aea53e779e60fc233245daddf3fb3f607d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in repository-reveal-md-multiverse-quasar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de52f7052500891977e9b92278627f7cabde231989ddf59ee96489c8f19bf65a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in archaeogenetics-astrochemistry-quark-chakra-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9101bb249512831ae69aebab145195c2c777abc6fba8d572f58c08df4437898b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in miranda-biotechnology-xanadu-halley (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 252ea35406402f4bad38396317c238088ec6afcbe8e5aa922bda36ae0b271afd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in impulse-holography-grunt-sequelize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c28c8183009a08a11188523afcf95bf4a90b317d6e72e29db3fb3800beef2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in prompts-jasmine-wolf-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c4950e6676dcd08c2d832364db96e59567d89ab3b4af075fb7f3fc3b563b84a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185796 Malicious code in betelgeuse-octans-aether-less (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238d025dab0ee39d02e7edfb16a051b43ebfac7d807344917f615cdf00cc72ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189161 Malicious code in release-it-apollo-norma-vuepress (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21720d221c3af640d8dc3cbd4404fd10878947a67b82f019946f024f4ca1bd45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187144 Malicious code in gemini-sagitta-cordelia-aether (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab8d2311414e1b1acf4dd1d565d5665bcd08dfdcacfc575f768244f7c9c7ca75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187994 Malicious code in mesosphere-private-farout-boson (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 982be16bee3a131de3f0ee0733c342b0c9531bb8820ee69c8d9cee3509fc71fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186790 Malicious code in epsilon-class-cluster-root-xml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 803cee7f39b9a2ab6058d1cd3ae867eab62842ca33d4e97cb5e92576816dc45e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in phenomic-resolvers-node-config-postgres (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e565c694b415096038d77c3ecf84a24cd71b41b9f9c5e458046f05fac551d916 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nodemon-terser-webpack-plugin-private-mantle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e48a9fd6450f06e90ee5d9956c154c4f2502f33ea2ea4855e7091ec32a7172e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lint-staged-gemini-aquarius-superagent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fc40fa5df9bcceec113021575335b079fa5851a7bb404c582e9c8ace2a5b31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...