10 matches found
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-188314 Malicious code in node-sass-blitz-paleobotany-decoherence (npm)
Source: amazon-inspector b43637647ec10057b71123e304940b13b2033812622a4b8310d8e491678fe8af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-170814 Malicious code in ameerhussain (npm)
Source: amazon-inspector 45696d279943f3b0ff78a49914b278c0254b8c9d27e1237fcc988f64dbccd7f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163173 Malicious code in nokire-nana21 (npm)
Source: amazon-inspector e0533514fbd11d87c736b95cf2e7a103c658f80b43f0b2f49586d16438a2e324 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148552 Malicious code in terser-webpack-plugin-foundation-less-subscription (npm)
Source: amazon-inspector c15839f0d43950e7017ec6478f3d5043f812bc56814c15fb3687c2a636ce3446 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-113880 Malicious code in fajar-ruwet2-miaww (npm)
Source: amazon-inspector a93bfc4097f35150abe451d0b8479f1b04eef6be598f889a5d94a1c564ec2b90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in selective_zebra_0xrequest (npm)
Source: amazon-inspector b8d031b19a33599e6a8e6497c42654db506e7df2810c0e5d41f3ad8283622c0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-66605 Malicious code in acceptable-olive-felidae (npm)
Source: amazon-inspector af34240ea8b8d69d100f6bbcdf6e80a5c6d9c4a2d8d13d7d3610d0ca05827c42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...