35 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in webdriver-manager-stratosphere-stratigraphy-stop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0934643185b5cbcc16307cc870692bbaf0a0c6ef0085d73916acdc478aa082fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188922 Malicious code in proxima-uglify-js-biomimicry-quasar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6085fc2c81e721b45c04ee516ad7a516391cda5a680b8a0f5a453e4d561b21c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meissa-perseus-eslint-europa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e806cff752234b07a544f7a82097f1f529d1e1a23d1d6276aab2245ee0cc70cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in butanaih-fafisa-pajifaasi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0283335051f47c8dc32fdee54680e0d6d2b149992033811820c9c8f199329d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177861 Malicious code in polymer-avof-ahao (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd96b39fc6ffbf803a105f58fc4e2816b5ea97b3e39ae5e3ef956a9887f19de1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163592 Malicious code in nokire-zabuza97 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7645b667e4727ed5659ce46c9792ee4374c9b2252c0c974c0981a2d891a524f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-157717 Malicious code in kuinsu-lki-kopanusnataiabumi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86ab45c651dd82d4a6c351f96e1d013a9a0dcdb7bdfac020e7857e33575c7b08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in @miptaa02/misra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214a37ad3ed6000d671e26aef2cf69e01d7dc3f90fe27edc5e7ed1d3e4655524 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152662 Malicious code in andriani-poke5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82a2aa503ccae8d3704baa8cecbcd534bfe496f5c491923142c5eb8c0d624ad0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in commitizen-concurrently-fomalhaut-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2f42ebaa574e7ee90b1b6d3611a83350c54b9886394a7d37a7ad315af7a0d02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142790 Malicious code in galaxy-karma-restart-wasat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64caec3afd9589b18de53d7cb1fa655578c4d3baa58c69faf1441ec3b4cf0ce2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146289 Malicious code in playwright-yonder-module-nodemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b8a88d8d6c9de0dc9811395ffc27c01a2b4ffde660a8f412ebbeaa8db6930e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148919 Malicious code in umbra-fomalhaut-cypress-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e610ac0879d7d61e6f41f0587dd9f753775a9d82956e80f4a8a486ae1f56d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lutfi-sasag3-sumpek (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2aca58b6ec9bef74eb8e349d4c4df616bbaa8b1580e7982985f272b9fba0a4d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-133875 Malicious code in gita-soto95-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a043f344a0f444eafa4d4694f9df5ef0e09389fa8965dd5d86dd52386e322ba1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gita-tiwul82-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dad2b2d41bb24ccf6bdb533689672298df00b70b8fd03997a0d9b2e0842680cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gothic_guan_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29776bbfaed7c4b03464e14a7f5fa53a2b6fda742f65fe0dc5a7e2fca590037 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138470 Malicious code in zaki-kupat54-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ae42940136984a28dd563ef6a210642790c7131b9854b486573f98126e43947 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...