56 matches found
Malicious code in scan-only (npm)
Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4
The CLI binary at bin/scan-only.js, when invoked (e.g., via npx scan-only --diagnose), harvests installer-side secrets and ships them to a hardcoded...
Malicious code in @redhat-cloud-services/remediations-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5143 Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in cheerio-tool (npm)
Source: amazon-inspector 2d51a2885f4eaff732d1ef7ab065b04d21c59263b1212d5b92b92c87914ef879
cheerio-tool typosquats the popular cheerio HTML parser. README claims 'Cheerio Tool utility helpers', keywords are 'lodash', 'utilities', and index.js...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in dorado-jest-gatsby-fornax (npm)
Source: amazon-inspector 3af9de4e8e9dafb88bdd63a361c5362004e17237ed4fcee7acb6bc660c15eecb
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oscillation-aquarius-ursa-parallax (npm)
Source: amazon-inspector f7127678160b96508d807efcfe044a57b7f9a9206a3c2546e146450bed08b547
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in speleology-unuk-hydrogeology-supernova (npm)
Source: amazon-inspector 54c4c49a2a50b6d2d44be0544067e69a2c0491f3559fe4c81e776971e31c8737
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in augmentedreality-mesosphere-style-loader-registry (npm)
Source: amazon-inspector 1c1d853c7a12b620222d28136b0607993451c0a2b585bdb1e76a0f9f242509ee
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oloc-yg-uhiti (npm)
Source: amazon-inspector fba57695a8984988b05025ed9c96c29fda56cdb3a6716022dcc388528a917eb6
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unimna-safafi-naisffis (npm)
Source: amazon-inspector a89f9e9b5c97a52dd1b753de7d8e1397d162ec0a3a7bb6a48ce1795278cf695b
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ameenrasheed (npm)
Source: amazon-inspector 6bca2510abed44e0967a5a6980acc3fa4999022aa38753dcbf3a75a686396a51
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in piluka-kaialbu-kiuna (npm)
Source: amazon-inspector 408a131d91964452d4c29a9dca5cfd1b14a39f16b051eb553905002241b9693e
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154136 Malicious code in dajouka-ad-rac (npm)
Source: amazon-inspector 6531589a8ed235910ddac0717d218f5bff765349d15f33c0101677c2af22ba0c
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tealove-reborn24 (npm)
Source: amazon-inspector f069d97a567c8f076c2212a2bf2e4c39b413727756dc3382f47df240ca7c03dd
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-lokcek7 (npm)
Source: amazon-inspector 5145924704244854388ea82f48bdda1b9560350b417c351bca00f4c0d43ab8eb
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-165778 Malicious code in sau-naki-upsid (npm)
Source: amazon-inspector 5bed6e2687bf9552d36b578d87af347a4623878ceb8b74c179369fed9b74a3da
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-161880 Malicious code in nasrul-poke103 (npm)
Source: amazon-inspector f88c2b0dda72ca72c738a9223d69262f9685ffc3eecfaf6a45e02dcbb0155eba
This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...