164 matches found
MAL-2025-191442 Malicious code in uniswap-smart-order-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbda3147fde915a97ddd97f51f5ebc1757fa14bca7cad95f333862ad125c3c1 The package uniswap-smart-order-router was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191020 Malicious code in tcsp-test-vd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9f8fd99690655a6e155948c83b8baf3c7d03d10aa4adec3a8e87ed21a96921e The package tcsp-test-vd was found to contain malicious code. Source: ghsa-malware bbc33c9b0da4ee5d72787025ea4a8ca6f7c7b140ba2cb7fa40a3cf6703cb61c8 A...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190675 Malicious code in @posthog/rrweb-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de65400909e7dab680997106feffcc22e5a954f60fe775e82db28e5529bacb0c The package @posthog/rrweb-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190579 Malicious code in hellospa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0582933888e4badd81ead15c78b68f8de23a0c728b5a1584f737bedcfd569184 The package hellospa was found to contain malicious code. Source: ghsa-malware f4e9282a1da51cf6409a4e5196d718d73e8f6f8dbddd339cbdd0535658517576 Any...
Malicious code in bunyan-spectron-webdriver-less-magellan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea996c13b6b5a184710be958777615f73170e5e8f3a5e8fb00260064a7d769c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187537 Malicious code in iota-geomorphology-rate-limiter-jasmine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 346e3847a3afae7b06fc9b4ad231de81c16e9d099a34651a5080fcd332454451 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in markdown-electron-europa-markdownlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da241035c8c6043578692ac4ee05dd47f6b4d6d0a9301ddc80f8497055acb487 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sirius-lynx-antares-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe1b1189742e5aae02454df7ad46c469deecbe1d18ea01b1feb3d6b00b7c548d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avangs-olium-nt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb983febd18968a8597732bf01c611ca293ca69c6a38ec0b596c88fa6ef2550 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184378 Malicious code in modiov-kihan-avcafivaviagfavacd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c650f0e8c53b9b025821490b969d1c64c2e2676c78c2cead71990c773ed7285 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182879 Malicious code in itale-adci-ggryuyegfjbsgbebu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48865573f9e64826fa7e55a1c09465cc8880f2886200d6fa7a69245fd171afa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184805 Malicious code in poliaoz-aiksdfo-alfdaad (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e0dbb80930a33d34b79f8865f21ee5d22302a9dfc9a9a8d429d543f856a43c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avangi-olia-iaiai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47093a7d8448c760ea60c35f842c7e45f15ea4b3b9d0f0e4292175c4c700ea29 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180639 Malicious code in teate-thy-sonic-lepeb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20082f10f6c35c2708b3f4a5a17777da0ab038431132dd434caa633b6c9beda7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in goodaan-ngafsa-nufuabaif (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5318a23f70387f3f2081152414ac260481b12a474acc6cc71298fdbb4bee733 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-174457 Malicious code in goodain-nusaia-nufti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee86108aeedf1f8238b5e28b0c66e6f5eceb571ba29f0dd1b8e2baed3208122c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hunimana-satiub-naiboib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed914dd74ae15e0abdead71a81a5b85b987875a307900621501dea8bade077e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in abbdi-putri-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8769999eef7765c6168b9cf1f19a4c304728d88c42984d8537bb684edbfb9ca2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kapvino-sovni-gbfafgafaibsi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff260f50d9054ac85f64c2389a4ce9fdea882c72d707d8964fc750823c9f8dca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...