3497 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in event-miranda-rest-semantic-release (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acccf89c905da91626d03d95cb26599e6d673600757370009e4ae8d8b0962900 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in despina-publish-spectron-webdriver-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c96b02a08c822eca34bf2d23c33a2cc000664ca7467c6f82190e3f34e52328fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cassini-hawkingradiation-rocket-sedna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5253824e08b7a2567634e293db52907f34094d4adacb6b4ba2c609be5a522aab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in impulse-sedna-sedna-cryovolcano (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e69eddaae3c39a32407655f5a4a6db2137f9f60b9ad3397f4708efc948e94aa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wind-psi-zeta-debug-zeta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cccb1fbb789018c346a5f6f4730f72aeec7f3a6b735977e2c9cd571c4d32b0a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in virgo-build-equinox-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9961e2c6deaa43a8d67fbb4833931e4dc8d80f69499fa9dc63c9ee7d592e7c3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in achernar-elara-flare-lyra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71604e145a0b1443f49a3500745d187e525fc1f9757d251712ef14e8943f17f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in corvus-darkmatter-titan-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee347a8414e37c2db0dd852e5fcce8e90db1d785146cb6c111173d9d2a5b048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in forever-heka-polaris-elektra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 549cbeccda483381d702c303bbb17493a0b42b4983911a75c13b972b2178d872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in auth0-iota-gridsome-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb58f2424f664639c22ae1fffb57918026a703cfd5b8a0238556a9fd7c571095 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cryonics-cypress-stream-lithosphere (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e533649bc4d4bab67fc1c2e430b01f993e7a362899875e82326aecb1f8770f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jasmine-cypress-gravity-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c35dd10a0b5c8d4d8b08bd196f82196d1f827f8aa2da53cab2ce753a17487cad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tau-data-grid-minify-function (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51fd667a40b0b62ada505565aab53c39d96f06b26be3e9b5ce274831637ecbcc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in geoarchaeology-archaeogenetics-spectron-webdriver-chromedriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d023e09a2edec33372bcdf7291dd928ab241ed4aa9f81604743121eb2b4a57a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in epimetheus-sagitta-cosmicweb-dactyl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90bc7aa72b27d6ff25deddb6571fb73ec8eb566c3846eddf42956cf6fb0fa976 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in error-alpha-sanitize-sanitize-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c05a938b12a3f015427b82e19d6772e1ff1d896c7088a090df2f14ff244015e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...