MAL-2026-5228 Malicious code in autotel-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

MAL-2026-5227 Malicious code in autotel-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

MAL-2026-5213 Malicious code in autotel-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Malicious code in astroinformatics-ethology-venus-slidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 226e9d3d2ba28c131f256e2a26ec85fb9afec9418f57e00d7ec0b300e0e98206 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-postcss-blitz-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea79ab04fc3a6ac4cbf5514fff31c3ed5fba441933ff5d9a861ea695d6fed4eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188132 Malicious code in mu-kernel-phi-transpile-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f82eca8c24515f3f57b6ab4d894be6fb0ac396fed83700b9e8795624a47e9f01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186024 Malicious code in castor-magellan-halley-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f91c2d58b576b6b398598b006ff7330ccf27b074f3ba12ea2377ed20fee56b1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190339 Malicious code in winston-polaris-rollup-despina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b576fdd56ff9baf91a0925f161f1f9f2f899f976ae949c93d85a8c5008e76f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in await-supercluster-prosthetics-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1842ca75811b8fd24abb3a9ba059135d9f54a7ad3dc352315b58c3ff798aa88d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in borealis-promise-spinner-ora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68c7357be2aa15b46b85c919af1456a68d791ec27c6ed54c2d089fda32b2e8e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eris-jekyll-cryovolcano-charon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78c6bf9654f4c623ec797e540eb954ccadb84659308a9899c1c079e94f206506 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-framework-umbra-uranology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 567b98367203a0161fae816a98cc7b89570f80bdea0f12cc4757f3a09cdc4950 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in janus-avior-superagent-ichnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76d7e0f0d70899116b4fc6cea226c83b8d9abec5c181fad0840d0e4d2aad1cf2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-antares-luna-nashira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b0795e430f9e9aba719b3b6a20ccc0a64f2fccd57f1f4a9b17108037f6fd87d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mdx-cluster-oberon-terser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b8965688eff1e36ec9fec0425e4607b126d84930fd144532e03bc22d45cf69 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in node-sass-luna-ora-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 760a0317286196c791ed9fd5a105054c79342763e4acf1b914847ae4895dfc6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in proteomics-supernova-subduction-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcc3669407f31f9abb8cfe0cb205c8684e375a293f5e45b6db130c04b4ee1a0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-neptune-webdriver-manager-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9641ae1a94bc9e9e2736447da0d80427ac96de8cf3e3560ab39d02c7194a3db1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-polaris-configstore-commitlint-config-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8a105ecd8ce1e73138202d04dda63b4869c363dc694a29aa66527412831360b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...