Malicious Package

Overview elf-stats-sugarplum-fireplace-278 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

EUVD-2025-120020

Malicious code in linear-plum-cephalopod npm...

Malicious code in linear-plum-cephalopod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c818e662b2c1f0582429a212cfafdeb259044c5e9a61b528d10cd36a0bf61b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-117506

Malicious code in bored-plum-lark npm...

EUVD-2025-117438

Malicious code in dominant-plum-bedbug npm...

EUVD-2025-117377

Malicious code in flexible-plum-chicken npm...

EUVD-2025-117346

Malicious code in gorgeous-plum-ant npm...

EUVD-2025-117345

Malicious code in gothic-plum-toucan npm...

EUVD-2025-117296

Malicious code in insufficient-plum-quail npm...

EUVD-2025-117273

Malicious code in legal-plum-goldfish npm...

EUVD-2025-117183

Malicious code in other-plum-booby npm...

EUVD-2025-117134

Malicious code in rear-plum-parakeet npm...

EUVD-2025-117101

Malicious code in serious-plum-mosquito npm...

EUVD-2025-117009

Malicious code in various-plum-echidna npm...

EUVD-2025-116995

Malicious code in vulnerable-plum-pigeon npm...

EUVD-2025-117485

Malicious code in coherent-plum-mule npm...

MAL-2025-139107 Malicious code in vulnerable-plum-pigeon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a894703ee849bb67c5b9e8c54abe66797e0f3ee6b9e34ff534a946b2aa758ab1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bored-plum-lark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a3d3322cd659440660ca27b138d537d5f1c9c36537a23fcb259c8eea296c058 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gothic-plum-toucan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2a609b5dcf10477d4d9e3252e4994993f6206ef46bb9c00c30ae5de5ffc8e7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in surrounding-plum-squid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5902a9b7554786612aecb5e4427670d316d9ec3193d84b1316cb54f8b9782d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...