40 matches found
MAL-2026-5017 Malicious code in @mlspace/env-jupyter-server (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2025-186442 Malicious code in cygnus-tool-update-xenos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6dda9b734db336089ca3b7e1b189859e059a4a50e2263aa85436870537b513 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in polaris-octans-bootstrap-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e794a074d4ebf53311b8c15ed0a7590b87a6acfd2b98471fc90e6b52996200b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in greatfilter-lithosphere-isostasy-rocket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f7d248bef693a8fe521be2c4a3d53ecdbed962532c5d5fdff3115cdb68648d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in inda-fodja-g (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d497107c4e4a0ed32d4bc6fee44d2ada243a1951810350f8dbf2f7faf2f285b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hitachi-poke118 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a0c04a24eb7040146a413ecc7572542ea408db5d83e36365d83aa265fb615c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178664 Malicious code in sgoodain-sanu-nuia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19449a929a10b93620292ad4667de9e865351b7ffde066e23c5611dc1b23cdea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155284 Malicious code in gifa-ot-uofuto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dae91c4e3bc91f43dcb596e15a13dbbb43ef706972678ad15c94e0e8aa1aff3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-162807 Malicious code in nokire-lokcek51 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c98e5d824aeca50e35400fabc8aa6313461db25b731dc1b8c102a696ec7d4bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in akabia-aliguafi-av (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b089a2a32017d484d4355e9fc4b527a8020f1f4fdbc4fb4ecba138c61851f4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in buffer-readable-geckodriver-miranda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b954e06170c9954928e475e5e6c4b220edc4af31fa80dd5b75c4475ce0c0f9b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in triton-sirius-redis-eslint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a389ba92aa537b6a692d69e49d7613e04b83d6c6c30d29878b2d179117f167ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in passport-cassini-scorpius-nextjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edfeaf207c8033307054d2afd5fa9a887d2f689c734cee8c856bd84b55f166e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145664 Malicious code in nova-postcss-loader-nuxtjs-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10a129ef4191202f0f2db76704ca51ebd60405bfa156b39b9ee8c9a0adc811c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147503 Malicious code in rollup-mui-canopus-phoenix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da036f3d7323a4315db349f89af20737016fc10490dfc341a138c1357c5b785 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mini-css-extract-plugin-postcss-hapi-protractor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01be8cfa96e4044e64f8c668c0d1417368b0897ee88586a73bd7dd7c873c629d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ganymede-rest-phenomic-event (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ed7963fe55bbca47672ca7abce137c3ae49e070fccf341b8686bf940e6b9998 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138733 Malicious code in forward-olive-caribou (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cda4ab6b7f5634651a53d011f38d48135f98262fb93d7c8ca5fa323c1c33905a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-132902 Malicious code in dono-lupis39-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a0e57249cee9651c2acae5f507bc7f08d1a927514715cc9b4d3761de5abc99c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in laila-mangut61-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 923454bb98de73839950cd8441dcd02567b2bd468a080e30124cbcef31e8d61a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...