137 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in hercules-deimos-superagent-webdriverio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d98d6bdee6ef3106d12f87df57e1e2b9c3528bfbddfd348a03903227af37f81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meissa-perseus-eslint-europa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e806cff752234b07a544f7a82097f1f529d1e1a23d1d6276aab2245ee0cc70cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriver-manager-stratosphere-stratigraphy-stop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0934643185b5cbcc16307cc870692bbaf0a0c6ef0085d73916acdc478aa082fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188030 Malicious code in meteor-paleoclimatology-firebase-chromedriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a821cc361348d4284aa6f017dc34b7f3425d8f343062bed1071a8761fa8318c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186513 Malicious code in deimos-ceres-astro-isostasy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2c519d821e0ab1fee4f93357d29d7e5adc440d117d25390326ed450e25002 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188922 Malicious code in proxima-uglify-js-biomimicry-quasar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6085fc2c81e721b45c04ee516ad7a516391cda5a680b8a0f5a453e4d561b21c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hitale-irher-aeswadaeaadde (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afee265ddd35432d68cbc3da26f51a8e611109cd0f0edbc990e6c8964f61eb4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hitale-irher-aeswasdweaddeassaeeaefederdafafaadde (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9d9efeee38d4f2eb78455cd5f30d9b969555c180bdde6c2b263d33ce8eea021 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lobac-ubb-afayoruaganu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6a90029c815983ecadbd7bfc4d777053cddfdaef8458630b4bd84be31d0034a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in loibac-ubg-tuagiga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86dda0d463972891d31ed77b216843f35b4cf9e11c48e2193db9461c05c50925 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181747 Malicious code in avangi-ogolia-inualubami (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4e2e44e7f5cfbee56d522da08697fade27491250de94613f8f6bdc9625e4829 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181965 Malicious code in flights-lutag-obo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdd661555dabb507cb2551fb6667531afa960289b63d90eb644f276688feb016 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lookingan-jeje12 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec76818df66c6c593854b330dc16b8d3152466603aa3a3b648e5518ceba3c971 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180409 Malicious code in teate-thy-sonic-gawoko (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e94f78f34c87b724ad34ffa164aaee0e3a4501b34d82a8129b6a32dcacf75baa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in digo-kaisoim-olosdssgggnika (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 605363d4634be7497bfc05b20c721e44b13653607e0f2585a5547fe663a3f126 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in godiat-tufam-iubata (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 109d10fac82b906b1bbd212bf5034964d5245491ba3c08ab42dfd95e35ffdcd7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hitachi-poke37 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f9b99321ede14f02b23b23d5792d9bcda8d86703a0f4eb257caf585475c268a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177546 Malicious code in polymer-aa-aahai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528bdabfe278db5172816c7d221509d3494b22056b8c85d171e4453e74377875 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...