17 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-162397 Malicious code in nokire-arhani80 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ac04c0dd1381eb74901786eab9380f31eb32041f38031923a7d8018d9a6c195 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155272 Malicious code in gibafa-otatu-umita (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27314a5614955d20e12ce0b7690fe9642c06a84160a0c06be242b4a1207e9b3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155544 Malicious code in gurs-munira (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885bb86aa5ee1cd71eeaaad4f05db908d69d2a075d815da4e312959e88b45f3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155565 Malicious code in hafiz-11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 481c53e5b2a6da6253dc281e33be64b0bef3094aa40725090db14f32c997a38f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mafns-matfddu-masan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fede969448ce0702f59e34889532f16d5dc5701a40a1f485d351b2f5c88409e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148410 Malicious code in sure_prawn_chocolate-35 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 502c42456a9adf739a7c0279677f494d3054de846c56377e8082c7a56824c035 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139386 Malicious code in andromeda-toml-norma-procyon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b25fe696f1278a9019e467586cc3593dbe3da702993f1657696c7200984b89c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-136342 Malicious code in putra-sate52-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bb9e06a32e5ff15890c344fecc858d56298798fc67bc27ccbd0b2b5e60b20dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rina-papeda65-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4aaca4e2d7a72dcc5d0ef58b25380415788dc714ef0a68f43f5ea6aafcc0549 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tropical_raven_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6321d648b08ee593b017c7549cce2de67e8b991a4e117ba0e4e06a12481ad080 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114927 Malicious code in iwan-lodeh48-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18411e865d4a734da1ca73d34c717a8cf573586cb799cc3de4137b0224d59a89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-106760 Malicious code in optimistic_turtle-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8308caa8444d2c1b1e847c7bd440c224e1e1b9b3f632b0dc38a8abdb941d7265 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-103772 Malicious code in homely_swallow_replicate_automation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c7175dad123e870ab4f3bc10eb105917adc1942d52002a8033f785f2e493384 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fixed-gray-skink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdee1bfc64534c29547f8fe881d8d1796506458dd07a9a111f1d344ea0abb3cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-52358 Malicious code in ocha-takokak2-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a80a41791bc23e3f7b9d837e454777d9241f70aec1b769acf36a44bfd916bc0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...