Lucene search
K

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.3 views

Malicious code in nokire-lokcek31 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebe654f7863b260d7b2fd03526f34e58ba42907104c36c6f3e054a48ba9431e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.3 views

Malicious code in polymedr-mindatas-buipenaj (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15da89b3928f080cbcde72348ca4047d1935fec3e0d9509506126b6651172e1b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:31 a.m.4 views

Malicious code in intelligent_clownfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2d91cfcf28e832dcb525b82f4b378cae85939d23c716cbf4ed7d9aa2b3abc20 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2024/12/10 10:42 p.m.14 views

GHSA-VM32-9RQF-RH3R pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion

Summary pnpm seems to mishandle overrides and global cache: 1. Overrides from one workspace leak into npm metadata saved in global cache 2. npm metadata from global cache affects other workspaces 3. installs by default don't revalidate the data including on first lockfile generation This can make...

5.8CVSS7AI score0.00942EPSS
Exploits1References4
Rows per page
Query Builder