32 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in @akunsansan0/pucuk9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3425ccfd2c31fde8bc566b60ed4d9dbe306795f6e40272ade87ba9ad2aa0171 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-179665 Malicious code in kisut-dfg-dufaduyan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7e03a8ffb74578ec999e4706b57597906f4cbbbb6fbf9e4b3ea5554c57f9515 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lookingan-nanakila79 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5eb4b684976998e284e9160b8940b7c382832456dba0437d189effc04d61ce75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152837 Malicious code in aril-38 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a12622c17a25cd1ab239e02ce0ed1ea6e83e8f68d57e772e8eea3d383fc81d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manaf-yuki-manusua (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24d5b8249276827d9956620f96cca2d7f95d5c5de7dbfb10f180a838aef055c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-167513 Malicious code in teagood-nalikoli105 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc2e4306b212ecde80d9c9076d3b5b4c6349750b6353eb49cc590d23e665dd5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-162323 Malicious code in nokire-arhani13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56bd13af1e86c197c291485f6b66ada474a90329e6cf695a9bdc4b76cf6fbad6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-159609 Malicious code in manda-14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5c2e7b0c203358f6e8e4bcd710a37874a094b008bb17c9b5d8629495f8c6cf7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144748 Malicious code in materialize-perseus-cors-prettier-plugin-markdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13afbe15d8656091b52500b3e2449e13aa2c36bac17c3a76e8a64ca6f572b8cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in local-child-process-supervisor-miranda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b4eaf60354d0570e14c670da6c5ea1d1394c86e5490ab4c7cedb36b6413f77c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hydra-pipe-lint-yonder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf8bc7b83100d9034cd6ba13dcffc904a47fe59fa5d8bfe9e592b2496d9493a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oauth-grunt-ignite-framework (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a70b2cb2105c7e985d8b1a8300a90506bcf4491df82e912d93cf5cc72fcf3476 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in google-hermes-telesto-materialize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 583eed0b0920ff215525064915600ba5db9ac1537af94ba4462d0043514e7c64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-119383 Malicious code in devoted_leopon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd7bc5d57712637557887a8720f77e72cbf5558caf47a63be22f729a7fde496 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-122732 Malicious code in putri-ubi95-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 219fd2dd4d247f97d339dbe7c2d55863c0b566b4073bba10f731250a20409660 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oktafian-serabi49-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c06bc2b8a34801664c1792f7d2980dae9a8598b7f527815a1ac5d133d449113 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wonton-notthedevs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ae31bc1ebffdc021ae87298c02005ddaaf0ae2b5efca2f12fa53b35881d093 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...