2 matches found
MAL-2025-146020 Malicious code in pegasus-centauri-dione-sedna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b742451b800a6b6c6ee2cb011daacd235a1ffbe76cd4d01bbc2640ba05c37405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...