81 matches found
MAL-2026-4932 Malicious code in @cloudplatform-single-spa/marketplace-main (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @car-loans/deal (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
MAL-2025-187992 Malicious code in mesosphere-nanotechnology-got-scorpius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51ddaebeed905bd3e4d2efb4932a9094e6dada95ad1d5541fb3cc456209d2d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in index-load-rain-gamma-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d20949a738fe2df26f0b836a5b31063479b6418c708853c3d50f681b0d06dbc9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185843 Malicious code in blackhole-jupiter-spectron-webdriver-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1990d42487cdd6a4de6dd5f0cdff5a1a1751c2f65f643b9dc21407c36ed0ee3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185084 Malicious code in sonic-ks-ahagfua (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53890a966b324c94532d0d4d4bda7de02cc717eca2172f260c912b79f0ca9bd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178500 Malicious code in sahuar-satidaf-fab (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86af7d383b6e44dba730a9bcee571a4efb12e05d0cafaaa8a5bb3844484840ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tanura-sui-dafu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6dbe6945cffd73663d1638a5b13e4d6adb70b5101d45eecf69a6b1f0dea27f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-172368 Malicious code in hereis-maniac-tanbu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9380ae541884a909cf86587fe05fc2dc7b4ab137dea2665fad39c509eaf89524 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in carloshenrique (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fa5ffc8bccf121ecbca5da41ba11811e9a1dceaed15d95e0529cfa5a9bc8ecd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-171392 Malicious code in jacobphillips (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08911b41f2ca716828b7d1ddcba022d721aae2f9a52eb62a320f71b15ad9264c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-arhani30 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dcd36820c08cfe1a381ac49083be86800eebaf2961f9fc2f26635a78eadd802 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dajouka-reta-tac (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9ed8241b5d9e5aa96f02af1ae354f15e04c2c311976c9f48236de8c7477d537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-84 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97dd5f585b8e286d947e458fe4b771e06b093b6a6a252a51f7796f0347d4bba9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154887 Malicious code in fadila-poke151 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1e863812009a74e9569d88f4581d56514644211eb4abf7428c36ad711a78f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in diago-kulp-kabamkuloloi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ff55344787ac077f8758ceace865a2ad795d3fe619ae35ba7a6f7ae7f3bff3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-162051 Malicious code in neda-fofiri-agoai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5478a07a5e3317b9c2e1e70402bc0d5a46d502e61f605be5b5d10ad0a2a7dadd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-167445 Malicious code in teagood-nalikami45 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca9c1489b984f246612a3e213100b430bddc6f1172af0fa3f8f16e41d292b796 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150216 Malicious code in @mipta1/sauspf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a12ff3af3595843730297a60647948f1ebb849abaae9f7250ff40b49f2ae38a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nabuf-oguof-dusaboui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3dcedb18150479b1abbae98c7d6b94b3194c3a7f99631f55e6468365c68cc81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...