MAL-2026-3666 Malicious code in 01-0redi7qgbz0uv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ceb633970757ab5d5ee0b64512c18d46be8402ac2169769101655a697ee5d6d the analysis found that this package has a garbage randomized name '01-0redi7qgbz0uv', empty description, placeholder test script, and an index.js th...

WordPress plugin WebP Express 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...

MAL-2025-85700 Malicious code in frightened_halibut_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38a3cfa316fe4f578c04ffd04675eafc43d5ffaefcd311c19f985cab5d54b18a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dewanto-toge46-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f4e02f1131bf74e748f3f4ce96003264a1f8f7e4e8bcd8df937afa5aa137fad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-84283 Malicious code in correct_catfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcbdfe4ea236aafc8d8a8b42c985465642c97df64c5a4910ac2aa2f13813a34f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-73564 Malicious code in iwan-botok62-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc6ac0550cb2a3908705f6a0def74e5d15b5308f8362e469b03c4d2ca0a51987 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tania-ikan8-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9168edb4fce68e9c070b2b6a6edb5e39a9afa74e1d316042e8f9a86ddd8e54af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-71770 Malicious code in zeroth-coffee-alligator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5b50b0af80bc0f600424c12403fe6a0081765a96613737a84039ca56e2f5c49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in galih-otak-otak80-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbaf5c7b10573aba24b574d0282a07ce4e060590b31585890b8236dc4c66d514 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dewi-jengkol75-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c5b07d012f2a801c06befee49452fccb79833b7364d660d9deb1b684e5c24a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...