1910 matches found
Directory Traversal
Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Directory Traversal via the getBinsFromPackageManifest function. An attacker can modify file permissions outside the intended directory by supplying a crafted value in the...
Malicious code in centauri-xenobiology-prompts-foundation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1465d9ba39cc1b669215a53dc40fea20e44322f438f590b0c84e02c9abeab89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xenos-xanthus-celeste-react-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e905ee031b2c4ef7912618f1d64a99f35e6da479055f1504c5b29a0adaac500 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ophiuchus-polaris-mineralogy-proteomics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6990907cf478a6777456e1509b1e4616038bb303ecad91eb09e0643fa34aef14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in greatfilter-lithosphere-isostasy-rocket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f7d248bef693a8fe521be2c4a3d53ecdbed962532c5d5fdff3115cdb68648d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in update-meteor-jupiter-kaus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a6356d84e2bdfa2e9952503f7bfa22d9940fbccd3d5d7e5296766420d0ce81b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rollup-plugin-html-webpack-plugin-cordelia-rollup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2554973e6e1d34edad7b0276e63e4eb111a0a6bf2f4ddf64775f7090d414bc24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hot-float-moon-unix-fork (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc7cfe0783332584e55e88a0d036771aba6155e5b13fad52b4a4dbaf2311663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186474 Malicious code in dagda-pulsar-redshift-remark (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01eb7e5dee33aa92aeb7c166125c8a2a537b2b75814637049b7ce936ca515d24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188021 Malicious code in meteor-dysonswarm-geckodriver-grus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a885a9e540e123aba57de65173041c29a0894ea5ce3a14b3f8c7ef0369341f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in babel-isostasy-fork-buffer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4029f1afea75ea29252cb472964df460c97f3532605fa62b8d6b41fbc1c02350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in good-chi-nu-info-hash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f42b6bf2a01b6334b369bee120683abc5377dbaa3c0215c6a61aa6e01154bdbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eclipse-ursa-element-ui-middleware (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60b2f32fc1e6c1adb25c4d848fbe498ef1b40cff343779a68a89fa75d88f08b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lint-staged-lint-staged-auth-terser-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03253bd76fedc24d55504b970d032ee47ad508a341ba8a5531490b0b9ae15ee3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in centaurus-superagent-spinner-leda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91d406ed50d97258b1c60ee835ae0350d359b3f8576bc1a5411d4da722d37cb4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pegasus-nightwatch-nconf-selenium (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e249e84533ba3f5ff5d0be0c07b16886f7c224e9148d494ab0f395877026b2ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in link-loopback-hydrogeology-gacrux (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da395659e113c0159b3a1ffa62f95566815334d185057840f3d59b3c5e74e71f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jsonp-lacerta-eris-octans (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4338b9067de467c48ebcb22a68da6ba8445e72cde9039197e552af0dcfce6e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cordelia-async-chariklo-farout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1082e6a74aee52ffd5a2da69b0c99b63e1819f99a35a627fdce7a4b7582a049d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in auth-pm2-xo-google (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60541e6f176099b0b6014c32803b87028642aab5dbdef63c049df0f8c28d8ca1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...