3497 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in event-miranda-rest-semantic-release (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acccf89c905da91626d03d95cb26599e6d673600757370009e4ae8d8b0962900 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in despina-publish-spectron-webdriver-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c96b02a08c822eca34bf2d23c33a2cc000664ca7467c6f82190e3f34e52328fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cassini-hawkingradiation-rocket-sedna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5253824e08b7a2567634e293db52907f34094d4adacb6b4ba2c609be5a522aab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in impulse-sedna-sedna-cryovolcano (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e69eddaae3c39a32407655f5a4a6db2137f9f60b9ad3397f4708efc948e94aa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189247 Malicious code in rimraf-playwright-morgan-norma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 605f4589e9fb73840fa4862f5d97c83687042c57fc5d073de4da60df0027fecb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185732 Malicious code in bad-grep-web-private-cat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1d19046a243867da27ff2fbe8d4c548771683ae883e3ca87a73b415622faf09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189667 Malicious code in steganography-yaml-quark-geochronology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dbc57cb69903aaa2db9f1b9e287c532e67cb38af8417ad3e70686986e074406 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188775 Malicious code in postcss-development-cosmogenic-mongodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f482ac6e62892d5ceda6f97905d2b05160346c3470ce98335fb68ac7972e391 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188139 Malicious code in mui-meissa-subscription-event (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e80d941c3ae4c03da2554b9884257c7aa6be8bde051d376559e56e35e912880 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186231 Malicious code in command-dotenv-betelgeuse-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03c0eda4bbcf824a758435c6c4648e1bacf43810c9b85cf1effc8e2dde9f47c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wind-psi-zeta-debug-zeta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cccb1fbb789018c346a5f6f4730f72aeec7f3a6b735977e2c9cd571c4d32b0a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in virgo-build-equinox-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9961e2c6deaa43a8d67fbb4833931e4dc8d80f69499fa9dc63c9ee7d592e7c3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in achernar-elara-flare-lyra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71604e145a0b1443f49a3500745d187e525fc1f9757d251712ef14e8943f17f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in corvus-darkmatter-titan-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee347a8414e37c2db0dd852e5fcce8e90db1d785146cb6c111173d9d2a5b048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in forever-heka-polaris-elektra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 549cbeccda483381d702c303bbb17493a0b42b4983911a75c13b972b2178d872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in auth0-iota-gridsome-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb58f2424f664639c22ae1fffb57918026a703cfd5b8a0238556a9fd7c571095 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...