Malicious code in teate-thy-sonic-enewiw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6476e70fe779379f0cef8b4997e6c37537555d44e9e4168f770817d620cc226 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-173534 Malicious code in butahu-asfui-dspifh (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd4afde591a1bbb67bd7470a6ed3ed110c9e7432d6e9fb5585443e1e7b72557b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144351 Malicious code in levels-carpo-fusion-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d8d5f23e9140fa627019e2ea08fbc2a8abf4e959025b337ee09e444f301e6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hanafi-lapis29-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45dacc665d00465348ae5f86fca57d39edca5b42a6acf78e8bd1422ee59e6eda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-118160 Malicious code in xaver-rangginang55-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d495a1f52979b02732120282725367cef50d77b243cc783c7065fc59e5caca50 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in influential_duck_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 163001fe7831a7831aed43eec4d33a9154715d435b60ecdee206ac71fe1d3acc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hanafi-miebogor84-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec66f195c9e9f38eed87f150ea37488b4b16c9961fff2037974876129bea8841 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in siska-gembus49-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5f6ad97907b6c0558c865bc8b6cbbbd79d7f9b201425043ee2d398ad4a596f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-50327 Malicious code in erick-mangut23-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12261306ae7760f92a1ec99da157bcabafcaf041d2f0261fddd1e8c93aa63be6 The package erick-mangut23-miaww was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...

EUVD-2022-4767

Malicious code in bioql PyPI...

MAL-2025-6237 Malicious code in gafana-test-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a4e648e988f33de6b085bf631d45494adb7b9be241071b454c40705384ad7e6e The OpenSSF Package Analysis project identified 'gafana-test-utils' @...

MAL-2025-1383 Malicious code in rust-analyzer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f080c05d4a8b07c42704d1ef9fb6f6d30d4128e3f5976f6645a3b8858cb10580 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-377 Malicious code in amazon-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b2f3fdc024f82b11d080d27e18dfe206e477583ec84c8f2268b9e275c9bb36d7 The OpenSSF Package Analysis project identified 'amazon-db' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...