28 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-186639 Malicious code in draco-gacrux-carpo-await (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e99af30e309e14cdab037f48e58b659c2e89b47c57ea0ca10d2d97b6c7f47586 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181993 Malicious code in flights-lutg-oidabilo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27041d654cedef123189d199b7f617041c7c94f9ee3c61a8db57bd7df566f39d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manusidda-nusadsta-manud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4028b0f7b8f9459c0989910777f0a4f6baa569eb0e8ce9ade2f39e21c12e9e9e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nurai-sutaf-danabia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 234230d6ca9a72313a64dcddd488a4d1a3f7e5208f8cc76e4013bd81e0d69a51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in divata-tug-iviobga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24f51239aecb8a81b4a5e5a83aae21145d6f31beab3a49921df3b85010fdb8eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jacobgreen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7d5074e498a6fb979f6e51b7205d8ba21b0e932eaa0f6b444b2396c0320052 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-171648 Malicious code in neulneul (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473718ab50f971d9e1f8c184c6e2ecb6a58dd97e74aba0ebfe0774c27dfbfdb6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aben-poke37 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b40f82cabc57e7fba42ab4b35b16afffaee3adf160d0242b9756f73479d77660 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154581 Malicious code in dian-poke48 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 860c46bceed35bc62938bb4aa9823aea0673be53372e6a70541b388a9a010df1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152908 Malicious code in astia-al1f-dareagauaaso (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 412c17aaae99eba9b62e08e0ca827f6c803c386268ea8494f5abfdee38068c30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in taurus-weywot-zenobia-babel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 542d620ec307287a2edecb637cf7d0cc4db339f51baa18744193fc284ddb2748 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-137708 Malicious code in vera-kolak42-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ce10cc1017f93408b807a76f6841ea5bf84e0396ca329504baefaace682b982 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hadianto-peyek20-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 125c7f4097a93723e116cbe6a045de456676fbcb0ba27afbec9339ff51c64fe7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zain-ongol-ongol11-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1fd2563389ec2e3913d0fb14ae75f3c9514798d01f53c50a56416f4129c4a0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114988 Malicious code in jaja-pecel80-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb08a6eed7fc52220306beaed8955a9e5469955434d6d3f3460a7ac9068a92c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-111224 Malicious code in yanti-teh48-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3598603833fae54fbb54e5a6a8ad31169dd9659ab702fcab5165d4dde535608 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-110300 Malicious code in utomo-tapai73-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04e8dac583b535bcc5f74f139f87edace95e57d4c2095535bc08ce3328b0b1ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-87660 Malicious code in laila-bubur60-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f964952432f708bd463c85084e2190aad82351b0f40383c6c63fa754f26bed9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91513 Malicious code in uncertain_mackerel_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe363ace6f0c4162fa0046fe0bf6085214fed9a647584e1231da4ba9e30f023c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...