3497 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in virgo-build-equinox-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9961e2c6deaa43a8d67fbb4833931e4dc8d80f69499fa9dc63c9ee7d592e7c3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cosmogenic-spinner-andromeda-quasarjet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3192e1b1356672c3cd9c2ed6782552c38b1e7b45566fb986f074c3a22823a61b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in emulate-catch-file-mu-parse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 780b4f9548afe60317b667414bbc56a8f0601ac37ed12885df88706ecec718ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in despina-publish-spectron-webdriver-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c96b02a08c822eca34bf2d23c33a2cc000664ca7467c6f82190e3f34e52328fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in draco-terser-webpack-plugin-hermes-corvus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfc47154389db6b336180cea32210fc4d2ad1ab645c023aa1af51c7d31900f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in auth0-iota-gridsome-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb58f2424f664639c22ae1fffb57918026a703cfd5b8a0238556a9fd7c571095 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aether-dione-test-markdown-pdf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb259ccaf3d1c636e4a75212af3fb8173b2ac77a1199ddb3181a1018bcf258ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in long-class-report-grep-catch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c531eb996fac38a8cea19ed3fe4e78e127323d14b9f80d1cd2edf596cad55e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in stack-bundle-public-air-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36a6dad623ae43208f3d2ce6d58b9a6877f82f8d1b29ce106c6cf596c71f8fb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in impulse-sedna-sedna-cryovolcano (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e69eddaae3c39a32407655f5a4a6db2137f9f60b9ad3397f4708efc948e94aa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tau-data-grid-minify-function (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51fd667a40b0b62ada505565aab53c39d96f06b26be3e9b5ce274831637ecbcc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cryonics-cypress-stream-lithosphere (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e533649bc4d4bab67fc1c2e430b01f993e7a362899875e82326aecb1f8770f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oortcloud-zephyr-kinetic-acamar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b32d3835116fa51b0ca9e1a21f2e8ae7dbce3dd0ea885e925e6b8237c337bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in event-miranda-rest-semantic-release (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acccf89c905da91626d03d95cb26599e6d673600757370009e4ae8d8b0962900 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in forever-heka-polaris-elektra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 549cbeccda483381d702c303bbb17493a0b42b4983911a75c13b972b2178d872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pipe-cloud-try-assert-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd568cad8ce32be5229100a77795fc873913ab9e69eb170a41cfc941c01ef28c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...