33 matches found
MAL-2026-4686 Malicious code in tempo-layout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...
Malicious code in cluster-sirius-promise-neutrino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 246366ab6b3632e7b423af9e451968b2bf746434d27260f7b68ffa2a924009ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187195 Malicious code in google-darkmatter-xerxes-europa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ebf4f02afff13d39f4452c4dca2f65f72a903b8733668a0cd9112e1e1f0e05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186843 Malicious code in eslint-plugin-fornax-auth-dactyl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be26c82a94b33272a9b5391a0f7fe3a8cb9d572639e42301d598f6ff497f416c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181857 Malicious code in avangs-olium-nila (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac12fa37a584dfc9c5da2f072287546acac08431d3e657eb261c398e5a554816 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183700 Malicious code in manu-oiads-gsisofai01 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dd6d83892da422712fe9570af403c96c7136e88509ce9caf0b4d8871abea4cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-sonic-sawob (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a6d09483acc5ece0c6f4213483dac49cd8dc577f0e2e566eaa2144559668572 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-179078 Malicious code in thambi-ref-trers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f15b232fc23010556743ac7133744051f4911ee7f4c0a1e97f13eceb14ce3ae2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in budi-memeq-lodo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f2d48bc1995f2455498aa542951fa57f0c8c8b2906c27dc5dc83b72bb1fb7a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-171105 Malicious code in devendrasingh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01041e34a4d87960739b20f0a7b30491aaf24837f0386ee7e2fa11b05804c50d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pilka-luniu-kanulaniu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d1115b7f6f2070bb86ee2e7a9f12c6ddefa6793e972950ce87e44a5057955f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-151514 Malicious code in abiuna-mobile-amuasbioa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 116ad934a346db13c285cd7c2cdd7f17a3d257ccd7480b80271656ddc698fe54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-nakala22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a82461791b3d3c283ee8b51aea8d43be5303f6ec9b2aaab4108b5b6275a90de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in janus-firebase-mdx-supervisor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ea3dc71068a9a819c018750ef0b3763afd9a8a07546f9ebd567cb74b9520152 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sirius-chai-draco-taurus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63750a84ab1b7d13f7d418fd5189c787c08fc6ceb91617c2a4bdd8c7feea8c4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147527 Malicious code in rollup-plugin-xanthus-loglevel-dagda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09d7125875880e5be057a6c16197f00f70d4c6df5ad5728c884a762ff6238482 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in geckodriver-titan-weywot-nuxtjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edaed3bc26a79eac172ab1ba313845fb14e0cbaf5284b4847aa3eb43b3d53c2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in terser-webpack-plugin-non-blocking-gemini-colors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c690b3a4a77471e0179fcf51a1162f00ed5621bc5863c4189f2d879b998ad165 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriver-manager-lacerta-selenium-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f2ab098e92dc046b3cba8e813505000228ef44b5a810f73619199c39809807f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriver-manager-acamar-relay-publish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe92343fac4e143ed5924503e48e35b5cd45f6ef2db00cb32599c848322da94c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...