24 matches found
Malicious code in chai-mocks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65359853241724a1b519599469dadfcd2b32674455db9fe5284cb7553a5ddf4 The package masquerades as a pino-style logger middleware but is a remote code loader. When the exported middleware is invoked, index.js spawns a...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-186399 Malicious code in cryovolcano-grus-ini-proxima (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0a229347ff016f9d70393ed03e8a4a921a6e4c86a3a5603209a0d4bd75855e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180191
Malicious code in await-figures-nodemon-genomics npm...
MAL-2025-186460 Malicious code in dactyl-loopback-axios-lacerta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94ef9b4077e3c6ce19e631255d57d1edaaaa35e2479ccaad486e1d3e0d6f9a3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in relay-mocha-mutation-rate-limiter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aba86765ad1d4909a393eb1d62de286cacd7f00f07a84862e0f6f275d9553d71 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-122106 Malicious code in nina-lodeh26-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d91ac7d8f601a954d51857765df85b2d2c21c780eb3d5ac4704e634a2d7b6ea6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-90467
Malicious code in legislativeheronz3n npm...
Malicious code in nana-getas99-pore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f561ccf72a61cd0f3708b2c06d2daf8fa83f41d45f5fc465a112fce95df8a0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-65367
Malicious code in alerttortoisez3n npm...
MAL-2025-76731 Malicious code in ade-rangi26-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a337d18d322b9604e6de3e21dd8c0b12c3729c977262a58cc1b01caa6b38046e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lucky-plum-pike (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83a12967ce28e73b2de6a84a8cfdc72a4df4dfdea4c4323be4a643a18c42ead7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-52738
Malicious code in pleased-tan-cat npm...
MAL-2025-60347 Malicious code in efficient_python_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4248efc5435828bb9d4c4742a78542edcbdc00940263135331e467cc5c64d378 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-47200 Malicious code in ngx-trend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4ce4552eafe30b0ec3dfa40fc39012f7f3b56ffa76ec7c9304ef75681921318 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zalastax/nolb-passport-u (npm)
The package @zalastax/nolb-passport-u was found to contain malicious code...
Malicious code in ngf-attachments-list (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
7ghost (>=4.11.25 <=4.11.46), @100mslive/hms-excalidraw (>=0.1.3 <=0.1.14) +1242 more potentially affected by CVE-2024-37890 via ws (>=6.0.0 <=6.2.2)
ws NPM version =6.0.0, =4.11.25, =0.1.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =7.0.0, =0.1.0, =4.4.0, =4.2.2, =2.9.0, =0.0.1-alpha.95, =1.0.0, =1.2.0, =1.6.2 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...
Malicious code in free-fortnite-skins-avicu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66ea6e86784f4ba64d171619a1c37800732e9659932d3f2be1a7275235ded8f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...