EUVD-2025-176944

Malicious code in psi-sudo-key-simulate-double npm...

Malicious code in @akunsansan0/kopi3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 838b2fe61149882e9b2742be60f115634d6ae7fcf17bf26f5e8bd634bafc06b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-174552 Malicious code in haritono-poke16 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67e75e2a878dee62ae66da04541fd65ead2cf177b06bd2e19f08123c934f6ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-98818

Malicious code in fitri-miebogor65-riris npm...

MAL-2025-123062 Malicious code in rudi-lontong59-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86e60551c7397927c39d8a95f73231a4cfeae414cfe6451d772108924ea0cff4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in worthy_clam_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 910704ec769f37c2712d29ad0139b792a5dbe65c8ac4a98df09d067aeebe4bd7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-52624 Malicious code in vida-empal57-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89e2cbeb5f021632bf11478b548061ef1736d7b1198a503092a3aebd3e33ac08 The package vida-empal57-sluey was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...

Malicious code in @art-ws/db-context (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72aeba541e18c7562da7a71bea780fecdb34e6a64f033ee26245d2349ca786df Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in @juigorg/voluptas-perferendis-eius (npm)

The package @juigorg/voluptas-perferendis-eius was found to contain malicious code...

0xgank-tea-advice-pull (=1.0.0), 0xgank-tea-balance-pencil (=1.0.0) +8769 more potentially affected by CVE-2022-37601 via loader-utils (>=2.0.0 <=2.0.2)

loader-utils NPM version =2.0.0, =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on loader-utils and may be impacted: - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0...

Malicious Package

Overview dogwhohacks-research-security-do-not-install is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...