1553 matches found
MAL-2026-4347 Malicious code in @devcarron/clob (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
MAL-2026-4603 Malicious code in lynx-keeper (npm)
Source: amazon-inspector dc28f02ae68bf5a1a57af8662180d7a8a040e6f32ad87abde9acdae508070189. On require, dist/index.js executes a hex-obfuscated harvester that reads ~/.aws/credentials, ~/.aws/config, ~/.ssh/id_rsa, ~/.ssh/id_ed25519, ~/.ssh/config,...
MAL-2026-4157 Malicious code in uri-parse (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in socketio-polaris-restart-adonis (npm)
Source: amazon-inspector e80f723fb0c38fbfaf0efdc1c70d08acd508343dbd594e403fca9751fb9b1719. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in local-kaus-wolf-local (npm)
Source: amazon-inspector a07177608ea4cda7a96b7407c262d50c29c3b1cfc21b7e19c5d347ce377dd175. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185839 Malicious code in biotechnology-enceladus-jovian-changelog (npm)
Source: amazon-inspector 1f3c36919a7001f229303c0e8f4408d4ac99f412e66f6940bfdac27e941ef40a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188918 Malicious code in proxima-sequelize-miranda-chalk (npm)
Source: amazon-inspector 11fcfe00fd6afb92e1706c29463826fc87304a0c02b85c53af1d7e3625974591. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187714 Malicious code in kuiperbelt-yakutsk-bioinformatics-express (npm)
Source: amazon-inspector 885670282282ed71c84587d4d2937ef17189c810ce88b7d5f8c18a44a0e539ad. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190180 Malicious code in void-grus-superagent-planckscale (npm)
Source: amazon-inspector 20a8a9fd08defaff05f5feabf694f5b971ed1904512ea95cf7ae5be645b34d64. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185651 Malicious code in auriga-postgres-fermion-filament (npm)
Source: amazon-inspector ab8e02ba82b0898bc0bbc8add1a4523f665ccee9221aa11a5577e629471b082e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188199 Malicious code in nebula-dactyl-avior-thermosphere (npm)
Source: amazon-inspector b895ab836b821d1e6ce731d76f1e43dfe64ebbe729b953e0ab44c71f0649c411. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185796 Malicious code in betelgeuse-octans-aether-less (npm)
Source: amazon-inspector 238d025dab0ee39d02e7edfb16a051b43ebfac7d807344917f615cdf00cc72ab. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in commitizen-playwright-selenium-publish (npm)
Source: amazon-inspector c754c3bfd1ff8786771ed58cb3d42e85de78b7b2210d6d9979d54019bdb9ae60. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hugo-build-configstore-rollup-plugin (npm)
Source: amazon-inspector c9153c124f5d5e6316c12ad12d229ee3d86fb12c8b46821aa50e1b4c2d6c78a2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in baryon-antares-leda-cosmicsilence (npm)
Source: amazon-inspector cf008fa0c59cf2a2efbee43d63306487f972657743488c6054ff09cbe33d202b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in command-leda-fetch-delphinus (npm)
Source: amazon-inspector 5feb6e2ef6c9afe8aa0d51f1a5b382e86c7f05202802ce99f9d5296a1ce376d1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in encrypt-meta-authenticate-log-string (npm)
Source: amazon-inspector d7b652ac77988fd5095d31173051f104a9282bb6428032f99261ebbee04f6289. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in equinox-sedna-sequelize-convict (npm)
Source: amazon-inspector 49d21c1e2f37e5e821a84eed480f80f27b364ea4e2b3e2b5cc5e1d16499a649a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in figures-materialize-markdown-pdf-miranda (npm)
Source: amazon-inspector 41294a6a54f63efb3d110086df70993ce7f964de9cd488774579c765e803cb38. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lint-staged-gemini-aquarius-superagent (npm)
Source: amazon-inspector a5fc40fa5df9bcceec113021575335b079fa5851a7bb404c582e9c8ace2a5b31. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...