11 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-138670 Malicious code in dry-indigo-sole (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36dbf98e20619275027fd4151acecaf0ac913787eb11669176a745f6ee4bd1a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jaja-brongkos6-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92057b200a69e29c26932cbcaf8354ac4aae1769547f89566e6a5b28ebc544e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-126760 Malicious code in gilang-lapis80-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa6cef863ce0d3ebf7f6a399f300bcd97a00e7ff3363cb790ddf32e03db3aee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hendra-miebogor53-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3bfc973bdbe00667931c4e3c393c814c3e1ba549c3dd7b7e567d4560ae0e951 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-82961 Malicious code in ade-soto16-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2cece37a04a3ce622a068d0cf08a067400bb230aff871ade0ae04a7eca1cfb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ida-lapis11-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713a1bb11a191fe1612ce707997aa7d49fc2e8b2c6155c2ce2e2adb9b779571e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-83332 Malicious code in arif-taiwan38-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e45aab2a776480bfe67352cad6b856ab73d7cffeb63de9fee36ba09b2db2b5ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-81523 Malicious code in surya-jamblang82-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6b7778f5fb79b1ff74543a8bd075c1f97b4911f6f0d71a46605e4b018b55a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vida-gandul31-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeac29dc2ff5989173f5b893303d42793df4b0243c2bd102311d5d69c9b6fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-55244 Malicious code in arif-naget84-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e21d32df2796ebe93276a5a889c65a4a6deba6a0d10ea6fe7f35d487c189e41c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...