33 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-186305 Malicious code in cordelia-cors-lyra-accretion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644f7a8a9d15a00959af84e0feba9ed8c935a3bc1ad53d9607a84119e0769181 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ewa-poke31 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4050d797d608df4ee71a45281370a71d3b922739154279b8f083ad5bb17ad951 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tealoveness22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc9605787338a35cd3b784962dedd66d189fee87fa05d49856eb06910a1531a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-166939 Malicious code in teagood-lokika71 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecb7e5e7a7e204607a169336b523d9260b4ae206cca997b0bd3179d9d618f345 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154327 Malicious code in dia-43 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be33a2123dfe2a0e3c0b098150827e8956a7e8029dabc1c2daedcb25ba1560c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in umbra-mutation-morgan-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f51402fb8b8c25416667a5b7b23d3fe2005b81480481f1b4b256cb4a9f4c822 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143908 Malicious code in jekyll-jsonp-slidev-bunyan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d2c19ffc072417b88e79594ce1548a2caa26fb7c0f04a4431f02b23a697f7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kiki-kue64-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5faab8afd3130212129665acc6bbd801d6cefcff9bbbfea8987c6a062891aed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in joko-jus10-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d71dea17559e00562b942df80f9fbbfb7841f12869368f0bcfbba31e9287bcf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-124704 Malicious code in zonal_kangaroo_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e755e90170de172266bf21a12979c54319bbb7c7da1b90e8dfc3c96fb92683a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114452 Malicious code in hadianto-dodol82-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fbab4556ddb131460170f53b66a3d3dd77731b3713ede85708c233d4d9bef58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eka-takokak8-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb22a092d61349c2a3abdfdf7b9cfb12f7eb80443bc834524941600e84a2a562 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sinta-sroto83-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c2bf0a4ec121aa33f338f60e6fb5b5114cf287fe57d6a2c524b73ac20d90c6b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in udin-buburayam70-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d387391e0543d051cf9f9b6e9ab3040eb45f3dd79eb1db248569bb3f97ee41b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114941 Malicious code in iwan-soto1-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4347a3fad48610e37e46ff944b97c7db6b86a0eac752de4d9135e83825193725 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sore_porcupine_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd807d8350381c389f27c0f8369f4283b2c757ff958c8a5f44b5e01a1d05d14e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in stormy_vulture_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d080c0e7820a4faf2841e9f30a74f5d27bc98dad19518c8bbd4f91940efc00cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in putri-pecel57-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ae2bd0c7082b72b8940dbf05f5f078854240547ed8b799912e7947b4c0f4d55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sari-oncom3-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c136ec2cc9e3e38808596a750acff714e592b33a3a56b409c604dbdd1cc867ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...