3497 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in pm2-dorado-lithosphere-gravitationalwave (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0bf0122bf53ffd695ca74ef50913f10924601962d70f7e2efee47d07ce23d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in neptune-framework-cors-ora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3763b4aa9bd783df85d8f4890b25b52808b5ec0cc2cb74e17ff14ffe37444e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in achernar-elara-flare-lyra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71604e145a0b1443f49a3500745d187e525fc1f9757d251712ef14e8943f17f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in water-execute-rain-root-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6de575c2b404267b02a2a3ca2c624486aef9c70fac497b83043375c8c4080eac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in delphinus-run-script-deneb-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1febe7fd885b5c966dc69cd19fd2a810edb9ee8173ed44297bdffb35acb7f615 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in apollo-eigenstate-redis-dendrochronology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 759e0217eb98b243fac66ee07044f52bb45dcef07812a002d4b008377c2750a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ganymede-nestjs-izar-release-it (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a230d94bc32273176374265684eb0eccddbdcba4bbc1819c7f8b868ec0f5e35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in entanglement-cybernetics-process-capella (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e06586a765b530944155684e617df07ed0c29003a7453573c8a02a71bf0b1da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in geoarchaeology-archaeogenetics-spectron-webdriver-chromedriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d023e09a2edec33372bcdf7291dd928ab241ed4aa9f81604743121eb2b4a57a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in csv-mensa-hadron-sagitta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcad2a61b3271f09a9c91abfbe32624703525efb013fae44597034ae04873bb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in upgrade-quantum-computing-eslint-plugin-areology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f24884b7f8123dd633e86819d246df7e79be71c3680536de53b2cdce89ba5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in epimetheus-sagitta-cosmicweb-dactyl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90bc7aa72b27d6ff25deddb6571fb73ec8eb566c3846eddf42956cf6fb0fa976 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-metalsmith-astrochemistry-terser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 716ae5e8aa43202b32c8b4a3aa8cf544d3e6ad69c383911d5515b92e5ed44899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in short-load-user-slow-easy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 600c427ac4dd88f40cd0ddabf7f98443d4c4258c3bc18198c520b794f961865e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in forever-heka-polaris-elektra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 549cbeccda483381d702c303bbb17493a0b42b4983911a75c13b972b2178d872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wind-psi-zeta-debug-zeta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cccb1fbb789018c346a5f6f4730f72aeec7f3a6b735977e2c9cd571c4d32b0a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...