74 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in karem4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a1d3bd676881934532a2e75fd644e22b2e4f26fb08bde6d48ff6d529de7467d The package karem4 was found to contain malicious code. Source: ossf-package-analysis b843a0d849da7453ce803b77a117a501a3b1e4b04eae8222d3b59d48438931c...
MAL-2025-189675 Malicious code in stratigraphy-castor-subduction-thermochronology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f95e074cf44d088a943a7366dcf7a4c1bcf3bd044d9b79a6733eab0a5ec6e5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in airbnb-mensa-geochemistry-husky (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 461789ded976ec21d5ed453dba1ce5adf24b99d90b2a96b833566afddbb99068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182642 Malicious code in imugiay-avg-daiugadajdufij (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d99d4e1d71eddebea66b98c5c96698b940e990c10c38e7e8fcb96e154eb72ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-134734
Malicious code in anais-papmoa-yama0paiog npm...
MAL-2025-180930 Malicious code in teate-thy-sonic-selwe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73ab9c0ad863c7f1263892cb683c7ba2d77239db174d1efe35251c704f9ee259 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-172726 Malicious code in affri-zidan-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66131e784783421656cc31ce8d41a75b1793f763b27b4402d9a0805a9512d0b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-141161
Malicious code in kapo-sadamuda-mimanua npm...
Malicious code in akanabi-aibia-bau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd4087f82cfe1f0042e05e33c3f3d231764c7ef3ac274603bf0abdd30b8682b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-165325 Malicious code in sabua-muhasi-nafaya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85245fffe58a8419e7d1c42902b316b129ea2901a3e0c15c7e0ce9de1221f15d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-160890 Malicious code in munir-butya-tssyu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88d4f0a9ef3b70f69fd1fc3598e2702964262bcaf3af3d51969470aedac01e9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-genji82 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a605b701b64087beebe6baab1614d10ca4d2b64cd5c3f968081182d794f497f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155592 Malicious code in hafiz-36 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c322091041c59de02afc3628ca58be55afcfa4aa5935c82b551154f2922b836 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teagood-manaki11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea7958219df62531a2155b133dd1df5b2494734e309f0f30d65dd05094275505 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156430 Malicious code in inal-poke43 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41e5bacee1b992da06840ac54e8d5864152bc646d88b02bbca449a7806cd724b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156891 Malicious code in irashi-2aa-a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fea4306e8c518625590928f49ee35475a775bde8850db9021a7ccf7f216113e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tadashi-tssu-renew (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6818a8a99356bd1c1cf31a80787547b40ec89346fb2f08ccc41c38eb28f61294 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...