97 matches found
Malicious code in sea-bound-siren (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...
Malicious code in tailwind-smooth-slider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4196 Malicious code in pinno-loggers (npm)
pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...
MAL-2026-2156 Malicious code in tailwind-animationbasis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 613bfa904c0195c7d59209123554b2be83ed4a0568c174e8b221e22725fec103 The package tailwind-animationbasis was found to contain malicious code. Source: ghsa-malware...
Malicious code in ethglobal-finale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bdc506129e3fb599d1bb0f5c3a369199b3f58ecda5d8c869d47f25847da6ad The package ethglobal-finale was found to contain malicious code. Source: ghsa-malware 051d643dd2d78f5cfda5a7945e560297dae2d0d8abe72d2b1725846b34951f...
MAL-2026-379 Malicious code in @joaoxxx/internallib-v325 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f9c573db1b523cb0082a05f37710f4084f5ed28324fbe23186a7ebf9a0a082d The package @joaoxxx/internallib-v325 was found to contain malicious code. Source: ghsa-malware...
Malicious code in leda-pegasus-magnetosphere-sagitta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 320e44886a156614cb8756afb54e4075fc58ed6bebbdd91f2cfd702bf93dd0d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186359 Malicious code in cosmos-coronalmassejection-remark-arcturus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 208a74d2761cf9eb60cec0d3b5d1fc4781bf4aa0d64bb47e029d69cc94828006 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187169 Malicious code in geomorphology-fermion-aquarius-oscillation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a5dd8df67636856b60e86272fa741e198eaece85c5f95e6c79aa5e1235b8541 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190274 Malicious code in webdriver-mocha-nightwatch-cosmiconfig-despina (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de3cfc3b8c341c20b4e8af0757b87d8eb021f0af5c7c338267d8024659a8cd03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in inda-fodja-g (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d497107c4e4a0ed32d4bc6fee44d2ada243a1951810350f8dbf2f7faf2f285b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mahnu-oy-gistsi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 580c2a19d202109998de5c16fd76146b3dd4f2bc3d42ecdeaf88ab9cbae66e93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in inda-fodja-gugoa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2381618fb04382cb6b6ac8f5c237372ed847fc0bb1b5fd82466d27c28637d739 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in anais-papmoa-ymiaogia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7976a7fcd6198cb3c4446ea7455bff5bc8568d8bca6b434536f2c6fd3a60a1f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180619 Malicious code in teate-thy-sonic-kuga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8f7f9d7d5596bb0f44dcb9d744b03137db01120e4b14103e782f7436119f881 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hunim-satmf-anujafai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de0d5caebf6adae65dfe63111d6274a234f00e897ff6ff7f7b2460c5651d771b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sumpel-poke25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 440486628efcb099562dee61bde40f559f662d012ed61572abbcc25503ed16cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nuragi-sutu-gaaog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3458ac9421392a568a4fb33c9151f595bf0352c24f70e36e53dd1b098eceddc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176911 Malicious code in nuragi-sutu-gaviaog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e6ac6b4b76c922d3a426364e1242b22ba7191fca8b3a077a20457f318debab7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-175810 Malicious code in kupaio-ulokia- (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8812e28fa4c2f11eeb75cba960cf3eb2fe74a44780ba4e5552a376d54ec0b87b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...