Malicious code in @antv/s2-vue (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in pino-pretty-radiant-less-loader-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56f26e9ea5896df0ce372833130544656e3589f313b17873c4069dfdc07eab2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in event-husky-tachyon-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47d6d40bbd46796ffe0433b9e3e0fd88b76fb46ceb7a4973ff526bea29bf1b9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tachyon-mesosphere-spinner-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0199d4ad6da5ed57f1010cac95dc16558ece4d84ae6e6c6fb857dc52e6c6370 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mocha-neptunology-flare-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6d37bf0614ce1300b08987292992ee91266002a191b2baf94fb221bc877a9b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gamma-integer-hash-double-tau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68843289b91c66d58ea6949f006e97f32e4b097feb47c1b22cf3d57e75c7050a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rocket-fomalhaut-sirius-kronos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 344f2bc058eebc6954eb5e9126619426a4e49a9670f2df757ea7590314e6af3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fork-crust-filament-kardashevscale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eacd2de681ec1c3e693bda71b1a50f3636b7bfc63e53f158913c115b5c5e658e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriverio-vuetify-antares-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec458e52a9b2de78104cd2be4d4519b5b8c449a2cbcc9ea5ba651143ee5dc1e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in emulate-private-alpha-decompress-view (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a73cd7def8995cb1c4f464021cd52d52ea06de08bba825ef6747549710d415d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in astrophysics-mesosphere-neptunology-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 684bd004536091223ef4c99151f120e9e68cf9d9e4b2583634be658dd965d50d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in native-rate-limiter-uninstall-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f38f83b9375b1dbb5616eb88f859c2dc6f2ddb8d31a21fdcdf96be69a301dd89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in helmet-pegasus-non-blocking-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14468cf08644b774f382415ed7ea9da2eca47006b532d6e5389e4ad5a9f45130 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in taurus-winston-panspermia-neuromorphic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e83d2cd6b9bc072d292c08b72596bfeb053e4d083b485191205648263cf806a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in socketio-polaris-restart-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e80f723fb0c38fbfaf0efdc1c70d08acd508343dbd594e403fca9751fb9b1719 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in table-private-module-zero-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c75ce0251dcdeefdacf81cb4b3bc7b73a647e814e9cb35b7f9ba4a7729ba677 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in solis-semantic-release-pm2-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25f3fbcd8cfd3f79b4077a30db2336a9949bd3aed84da84464d9498779874eb6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in public-perseus-zenith-blitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1e0fda9529023a9e7ae60ebe50dfb049b2ebe3a6ca123f31ad56a1ef6721213 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in futurology-quantum-mysql-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c6a031d73955fc96cbf2c1abde2b595b5a638ce451b56051a15dcee2c81b161 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in development-cypress-nebula-spectron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da745b9e11fa6ffe295744cf5037a33207878a84455b8a94772169f66e89c3f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...