
446 matches found

OSSF Malicious Packages
added 2026/06/09 8:34 p.m., 9 views

Malicious code in mcp-server-redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c94a122c1dd231888bc72b52cbef5dbdd793d2680f7e7e36385bd06e07dc20fd Package claims the unscoped name mcp-server-redis to intercept npx mcp-server-redis invocations intended for the legitimate MCP Redis server ecosyste...

5.3 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/09 8:25 p.m., 8 views

Malicious code in @rockawayx/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e286c45b54ab9002ef8b7eec7ec686afc0bb82c2867c3640c460c8d1052b2bab @rockawayx/utils squats the unclaimed @rockawayx npm scope and runs a preinstall beacon on every install. package.json declares "preinstall": "node...

5.5 AI score
Exploits: 0, References: 1
OSV
added 2026/06/03 3:28 p.m., 17 views

MAL-2026-5178 Malicious code in tronlab (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44a6e385a64a2319d00a77e4eb063dd97f8a54dff9df20653fec1f3c3d40ecb9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.8 AI score
Exploits: 0, References: 2
Snyk
added 2026/06/02 9:0 p.m., 6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/05/28 12:0 a.m., 14 views

Malicious code in @cloudplatform-single-spa/svp-gateways (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits: 0, References: 1
Snyk
added 2026/05/18 9:0 p.m., 7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/05/12 7:44 a.m., 7 views

Malicious code in @catamania/ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 326cc4cf1fbe96c77b6340df59ebea040cdd522e3e4bc76471563190044cf53a The package declares a postinstall lifecycle hook "postinstall": "node postinstall.js" in package.json that runs automatically during npm install...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2025/11/13 3:23 a.m., 3 views

MAL-2025-185386 Malicious code in adonis-cosmos-eslint-plugin-izar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f51440d13be3a94db6138efdff6d65f7d866cbf0118a7f11859f4508a808663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in forever-cypress-public-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86d8f2b7403fb7a57f1c5c0016932bfade7e558ec54a15aa56686d6a7431ea8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 6 views

Malicious code in entanglement-australis-event-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fe1daef2ddabff000c930f4c64f389381e92e08eed834fbbb30fe6bb729393f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in json-docusaurus-terser-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2a92e7f61c80858f54bd20a3fd7e937f27f7d9ed09ec3e392e39a2ab47a204e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 2 views

Malicious code in prettier-despina-gacrux-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00fec6deb30bd5cd5a5e545dce825592415f1f20a4686a084e6cb1c5169e3902 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-187102 Malicious code in ganymede-levels-changelog-norma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4be57e2d19eef99afd220a750db064df4bbc79106573179cd8f3529f363bbaaf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in sirius-spectron-webdriver-mutation-glaciology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9e68fd5f36e91ed5d055cf305c8aaa3cbad0639e36219d2bc00df0237ff9c4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in short-encrypt-root-visualize-visualize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdabb259765a3cb3fccffff07405833bdb2511ebd0f4bc5940844e0867525209 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 6 views

Malicious code in byte-runtime-easy-promise-transpile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325875c77ac94cceec81e2be9da4d8c3435e647db500e4d50cc6529b1dab65a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-188212 Malicious code in neptune-barnard-mdx-less-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab7c0e0acd449d91091dc3badd8761736dd2387ceacb715698941f9b53f6e56b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in tectonophysics-transform-crust-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362c7a3c2a387c1b0b23c2ad16e0ff6e12215ac224b7fe3f752d831110cf1fcd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in commitlint-resolvers-procyon-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c84a42a0bd7b27857197441ce982e9035d4e93ebf009d7bb23942627d9ce0b70 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in resolve-code-sun-sanitize-fast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abdbdcc8fb619c74fdb9b14089fa86dadcd27a20aad53d18bd359bd1f2d0664b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0