3 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-164519 Malicious code in prayoga-poke22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c54bf352d67bbdc1244586375c82be3aecdf0e2aa507ac2aff018f96241041d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Warning about NPM modules | Cloud Foundry
Warning about NPM modules Advisory Vendor Node Package Manager NPM Versions Affected Cloud Foundry NodeJS Buildpack Description If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...