161 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in arcturus-centauri-iota-puppeteer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b062fbcc4e77a805c34328bb8e4095c779c20a7fe585cf258b619b7029d33cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-config-jovian-middleware-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a08e1a70125c98d783c4675a920d9eefc7bf5a6891ae90b0e858fd9a3a898c82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xanthus-child-process-radiant-biotechnology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0772cba129a84f6a60d24186646d0488d9fea195f97e08ef3a181221632a17c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wezen-hexo-update-lithosphere (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29b835942f6a8543c810550c04c687136135ae9e3c47b61eb95bd234b7c13caa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188560 Malicious code in parcel-panspermia-commitlint-config-angular-tectonophysics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad7ce5ec778c0d8a09caa214fc9ed62c9222306281fcc29ee88e7c4f779e7806 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188534 Malicious code in paleontology-lyra-hercules-protractor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6719be20e59d8b45e65d841f7ecb4762b0113345b1250aca102c4a5cc12ac0cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in passport-nightwatch-sedna-karma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 590d2c8ef0713d21221fbae7ee5e08dbd5bc8bb6d9956061ea4aba71ab61dc4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189208 Malicious code in resonance-middleware-octans-graviton (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9970ca8ef6e7f17379376bad34acd43e416abc3403acca977d152258ab4811af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in callisto-europa-relay-bootes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8337c1aab47dce5ea62275961be6d7adbca72d2db41dead4570adfb04582fd5d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quark-aquarius-weywot-prettier-stylelint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30996d68f5a3eaaa198028e609182507bbc8d9d2c5693f797f51dc0ec35e1c17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in planckscale-lynx-global-transform (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d3a6f504f1e5767dfec6a0695658c17cb181816e481c901e238aa4397ec5924 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184182 Malicious code in modaiv-kvu-ibuagob (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2aad233b8917cb3f35a7709328cbcf4338dea881f240a4cc57c6f2258e0d333 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181681 Malicious code in astam-ift-diugoa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7dba908e61c5498cf98a5ebb7f56ef9404d768ceb83af01e3077d940790bfaa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184822 Malicious code in poliaoz-aiksgsdfo-ahksgasifsdsdn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccaae5865c5716d094d08784484fcb7cb893fc1794eca28f0309777721461875 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182848 Malicious code in itale-adci-ggpanekyu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87b0bb3e75b240082accea45fa79ee046de1da323c0c72726f296b8646669449 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182558 Malicious code in imuay-aig-iyucauyafg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bf9c67acbdb7f60f6fd018563278026afea4dcb24f7074082720a7f7f936152 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in @akunsansan0/biru2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1851daefbecbc23f3bba9a063c72fab4d264e93ca6f007b84de56f07884fc96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in anais-papoa-0paufafui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff966dc269ebdb4666f03db51b335d8479e7d023e269ffd554043a5e60805041 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...