75 matches found
Malicious code in rstreams-metrics (npm)
The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in karem4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a1d3bd676881934532a2e75fd644e22b2e4f26fb08bde6d48ff6d529de7467d The package karem4 was found to contain malicious code. Source: ossf-package-analysis b843a0d849da7453ce803b77a117a501a3b1e4b04eae8222d3b59d48438931c...
Malicious code in airbnb-mensa-geochemistry-husky (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 461789ded976ec21d5ed453dba1ce5adf24b99d90b2a96b833566afddbb99068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189675 Malicious code in stratigraphy-castor-subduction-thermochronology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f95e074cf44d088a943a7366dcf7a4c1bcf3bd044d9b79a6733eab0a5ec6e5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182642 Malicious code in imugiay-avg-daiugadajdufij (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d99d4e1d71eddebea66b98c5c96698b940e990c10c38e7e8fcb96e154eb72ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-134734
Malicious code in anais-papmoa-yama0paiog npm...
MAL-2025-180930 Malicious code in teate-thy-sonic-selwe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73ab9c0ad863c7f1263892cb683c7ba2d77239db174d1efe35251c704f9ee259 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-141161
Malicious code in kapo-sadamuda-mimanua npm...
MAL-2025-172726 Malicious code in affri-zidan-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66131e784783421656cc31ce8d41a75b1793f763b27b4402d9a0805a9512d0b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teagood-manaki11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea7958219df62531a2155b133dd1df5b2494734e309f0f30d65dd05094275505 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in akanabi-aibia-bau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd4087f82cfe1f0042e05e33c3f3d231764c7ef3ac274603bf0abdd30b8682b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-genji82 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a605b701b64087beebe6baab1614d10ca4d2b64cd5c3f968081182d794f497f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tadashi-tssu-renew (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6818a8a99356bd1c1cf31a80787547b40ec89346fb2f08ccc41c38eb28f61294 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-165325 Malicious code in sabua-muhasi-nafaya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85245fffe58a8419e7d1c42902b316b129ea2901a3e0c15c7e0ce9de1221f15d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156891 Malicious code in irashi-2aa-a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fea4306e8c518625590928f49ee35475a775bde8850db9021a7ccf7f216113e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156430 Malicious code in inal-poke43 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41e5bacee1b992da06840ac54e8d5864152bc646d88b02bbca449a7806cd724b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155592 Malicious code in hafiz-36 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c322091041c59de02afc3628ca58be55afcfa4aa5935c82b551154f2922b836 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...