170 matches found
MAL-2026-5278 Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
MAL-2025-188407 Malicious code in old-import-decode-table-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3318615e0691a5ff419704ab106e4bb388891cfde25ae060e932dbbe49b4332 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in phi-shell-old-old-pi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddbf8b98f48373b31cbb5f1e89f4a12dbe3f2261af644871c9045b89528e7622 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cryptography-webdriver-manager-schema-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc67c3883cf7c7ca302f207d6de8605fafb02f7731fd2da71f762551c209aa18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gemini-csv-cryonics-castor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a57321bc7da3ae1f7471aa4b2daac2201509cd922f65a18ef0992a031b983c12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in saturnology-fomalhaut-geckodriver-resolvers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2caba52a6e0c88328d81e8c122e414d91225f1c1fc9d17f8a5aed4ff943da7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in paleobotany-nightwatch-epimetheus-spectroscopy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae70f0bfb1be3f0979973d806c8c3f2e10038776a5df86823b05868b76e4d20 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lepton-async-archaeogenetics-exoplanet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f676584cd19d58d3daad93d526fe717b85cbea7fc7cfdbdf085a8c6a7d81fef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188625 Malicious code in perseus-global-meissa-terser-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0d1ec9c95ff2971057d9bc9322cd0e3f96d82bf169f302e6f77174d3922dff9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-config-uninstall-mongoose-superflare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4389e7f6cba244996efe78ec18203346fe48ed7af508ed9911925bb724a6fdee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186324 Malicious code in corvus-javascript-charon-semantic-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b3ec6da952c946bcdb511cd68067f74a208ceba883ec29ce8802e9ca8e1554b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in itale-adci-akontolbapakmuulolotlsrtjygfsri (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4733999062be85fdee2b9a79199ded07ab2d57785a8b5a8aadf3cb855ffc46e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in poliaoz-aiksdfo-alfdaadio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11955a8b6c1f2286d81b7eaac997b5c42e036454186a26276aa89fdb901b5fc2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in one-kiat-ibuarda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c1ae965aa32fd400d9c1232f241b08a8f8b444feae42b8f4872c9961542de5e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181248 Malicious code in @akunsansan0/biru59 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee85808e8eb865fcefcf83491e1350b67b3aaceca3e162c16242b5da0d85efc8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kiudt-acog-efiuivucafav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 938b4e205d11406a429464a3c7abedb8ec037e6c7d4fd1678e6b00ca945b8092 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teadod-mipta15 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93e61cd5496b9529bc2667a2ad98bdafe60f9c208009b4d0a04b1cd2949178b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-172734 Malicious code in afriiiii-zidan-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 297de9d103d10986066438c9fcf87249bb2472ce4ace25e96ee3ced1b1b2234e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177433 Malicious code in poglymer-ogminmh-ababbaga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91d7c08ee96a1a5ebd3d0043f34890a50f4268bf746ededd29eed9fcca3109cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...