Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

MAL-2026-4569 Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

MAL-2026-4662 Malicious code in rendezvous-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4 On npm install scripts.install runs node index.js and on require'rendezvous-js', lib/core.js collects os.userInfo.username, os.hostname, and the...

MAL-2026-2418 Malicious code in tombac-chronos (npm)

Suspicious install script executing index.js and an untrustworthy author email domain sl4x0.xyz strongly suggest this package is malware. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e040ef4bdedbed143a5a8d1a1bb0389fa07848772a87c03da1c67557ced13e The package...

CVE-2026-30982

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30982 iccDEV has a heap out-of-bounds read in CIccPcsXform::pushXYZConvert()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30982 iccDEV has a heap out-of-bounds read in CIccPcsXform::pushXYZConvert()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5...

Malicious code in cat-meta-stack-minify-try (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80dec973455eae025b75ae4a2fb66d3f693521c903c9ca3af246808867e0af65 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kronos-inquirer-promise-dactyl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 061924477c364a15646e4464bbe03fb996300c139bfe1c00cc40eef390aa71a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-meteor-mineralogy-vuepress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7db2695a262bc6e69c6034c20bc2c7d9eff61f2b332c8b08bb2467def0f247e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xanthus-dotenv-safe-markdownlint-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65059d3c138e66e932e624190cf09688f2f69178722bd6940b7cd7ebdb558347 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jwt-firebase-izar-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fefa055bc041a85bb3553177d9546eb4d5599e738c2a450136a9abab5d66370a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in authenticate-scale-analyze-book-scale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d038c7d079b519f31ce6b09657db6765d1d0007fe0b8bd295d08d7806e81e80a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleontology-tailwindcss-tethys-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9bf7ae090235d58ac50e3f500d0ffbb3709c476bee4ff023db6e4b7af13da0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quantum-child-process-vulcan-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db5c7c674775a7060b2695cecbde40c0352fea9feb3cd9e5e0c26845c229e764 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phenomic-resolvers-node-config-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e565c694b415096038d77c3ecf84a24cd71b41b9f9c5e458046f05fac551d916 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in interface-stack-mock-execute-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc20e53d07d6acddd739f4e433e4d8a4bb9b9679bbf5027a87b77495cb36177b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-borealis-nova-dotenv-safe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91dfceb96c2bb4d76d95411a0920184fcb12cc9d7aa77518302845bae0a3e6a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phylogenetics-fork-tectonic-cosmology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20cd04db7ff79d34415c4910ccf5f498e218ce9c415f6d4a1e893027ad764142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apex-aurora-xml-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd7d0a68560ea990b728310621a54435d29f21a74d08f8126b4956b41fc0234e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...