225893 matches found
Malicious code in paleontology-tailwindcss-tethys-jekyll (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9bf7ae090235d58ac50e3f500d0ffbb3709c476bee4ff023db6e4b7af13da0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in postgres-procyon-nextjs-nuxtjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95e02623bc5d8858a0fa2b9d6b055451f4e014ae45fe30ff2456826691658198 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in postgres-soap-apex-vortex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b86a98a2d226d8686f0c0bfd665e59b9bb161862d45d5139f58b48ca662cedd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in promise-hawkingradiation-paleoclimatology-prompts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9699ad994533c1d515aa9b41aec6b38a1e46a1c81707dacd5c84fe82663b1f0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in update-tethys-query-mensa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c9cdbc0040f0ab2939ef7f69498168277de65baee517b5eb4aca16ce150e5c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xanadu-singularitarianism-fetch-fermion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ccd63704a8837ed8bae59ef565a17f740167e4fc9a2bbf7f4164bc2321af13b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vuepress-update-canopus-zooarchaeology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c0ba2e936fb4ba21ad01bbf840125a863fbb501192f3e88e43e962473e8fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xenon-ganymede-got-fusion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3cdb5311de65ffd938d7edee63411d617e2a115eb667ee052b558090a5c0de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in puppeteer-tailwindcss-karma-postcss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d9679267623f6c6b49f81c8f19e9f271e992336207668f965e6348a4c9bbf98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sudo-yaml-virtualize-encode-pi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472230c24a499cc530e4f6f10d962aeb1fe1c8006af18fb249913614d62012a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in helios-webdriver-mocha-superposition-phylogenetics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7fa52991d1dbcd2f6889af5503b80d384df7b867c03de23959b38644f8ce0cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in commitlint-config-angular-init-miranda-luna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a99b354cc0e80cf5bfdc8e125674477abcb0f262775850a536241b2b90e9e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pino-pretty-ariel-ursa-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8542974294f7b08d56d4663d4c85ce4e855d42cc2fd27671470865ae06213649 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in protoplanetarydisk-zenith-mysql-palynology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a74138497749e5f498f269b5c421cfe84c7dbe035d4919018d99e7d062d9bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in inda-fodija-gifa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c953286fcd70a0756dea610a4c9bca92968c65f876272a2d7f937761f4c5e6b0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spica-cypress-barnard-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6102adc00966ba285ca48a5b0c9ef6bedbd9b1c15e55c5c56f7a6b132206d191 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in elf-stats-northbound-ledger-135 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fc368c2d22ebd65839fc2f559161f24d8f76a20b5d946094f7a37dd863967b4 The package elf-stats-northbound-ledger-135 was found to contain malicious code...
Malicious code in egstore-graphql-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8f78f2a6abccca4b462d391732c3bc43094be0be51d4d3cc06a1686d1b554e The package egstore-graphql-client was found to contain malicious code...
Malicious code in ect-987654-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6f07a32f7f265a234c3b4e84eda91976ba6cdb73f979ef22104a70af28bf4a0 The package ect-987654-ctf was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cryptocom-private-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c127979ce2c818c0baa9e2f6212dc73783686c797a35b3e63148a4815325de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @testcarrot/supply2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c6b1ac7e0d732e96fb12ebfc09964c4e8a5a58fb8b0a2dc11dab3fad6c78359 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sev-ui-verse/workflow-context (npm)
The package @sev-ui-verse/workflow-context was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b34fd25464abdc87cdcff95770eff1bf8f142ad5407a6487236fcc5c76f72f14 Any computer that has this package installed or running should be...
Malicious code in hello-shai (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 297f2a57d1c225e18d8464c2024daef4567955be0eb8cd8d45052aa778fb4f3a This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub...
Malicious code in @crowdstrike/logscale-dashboard (npm)
Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicate malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f7539ca83a2878a7b5b892aaa154843f462994bef40d9d14698dd04a2f0ffee Any computer that has this...
Malicious code in monolith-twirp-mailreplies-replies (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c1e0b39ca2393b053f31bdaab06ece9ef73680eb15866a4936b52862b42f305c The OpenSSF Package Analysis project identified 'monolith-twirp-mailreplies-replies' @ 1.0.0 rubygems as malicious. It is considered malicious...
Malicious code in monolith-twirp-odometer-core (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 559151bc8f149e686c1483fbc9ed476a900c5109a87ed60f413125cf9d178db7 The OpenSSF Package Analysis project identified 'monolith-twirp-odometer-core' @ 1.0.19 rubygems as malicious. It is considered malicious becaus...
Malicious code in monolith-twirp-spokesd-core (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a1ea971c27301281014c26314bf53df0b7410c912d2f47181c9c4546284466d8 The OpenSSF Package Analysis project identified 'monolith-twirp-spokesd-core' @ 1.0.0 rubygems as malicious. It is considered malicious because:...
Malicious code in monolith-twirp-snippy-snippy (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 48e4b752eb90b82df41239d8194646b9ab47b4e9e147dae4011c665a05d776b0 The OpenSSF Package Analysis project identified 'monolith-twirp-snippy-snippy' @ 1.0.4 rubygems as malicious. It is considered malicious because...
Malicious code in monolith-twirp-octoshift-migrations (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8c8938887f6cff7780099f00ec00251da4904659f59fb9c197583288fc8951c4 The OpenSSF Package Analysis project identified 'monolith-twirp-octoshift-migrations' @ 1.8.0 rubygems as malicious. It is considered malicious...
Malicious code in ctf-q21-empire-tmp-bw31337 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @mediawave/lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5728f228ecbe0dfd5db6afd530842107e9356201123b885d36418429c37ffbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in client-authentication-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in io.github.leetcrunch:scribejava-core (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8dd884cda209e50c2bd5185172f3c25968cb972cbd19234779b43f4f855f2d26 A malicious Maven Java package typosquatting a legitimate OAuth Maven package. The malicious package collects and exfils OAuth credentia...
Malicious code in client-consent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36ebc6cac6d302018d141c45adee10302556bd3da3491d12734412f967aea772 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in anaconda-anon-usage (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 681441a370f0819063d937bf24e1c9fdff7fd9dc5201da7e2c577d8a547fff51 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...
Malicious code in xmlbuilder3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c5ccc40a08ace658e1c2bb67a692e4a04f1c6c826a6cfbf7c2bec41d0f54c540 The OpenSSF Package Analysis project identified 'xmlbuilder3' @ 0.0.2 pypi as malicious. It is considered malicious because: - The package...
Malicious code in esqencodeadping (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 22f3cfaa0db8c01a87fe4999fd66165b28e7a754a7b1f50e7f3a9ac3eb46c5f8 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in beautifulsooup4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 58c3e31b0561d93f895daa3584e7c10b9127e10d258fcf1cfcbabec19a1b08ce Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in prepaid-paypal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c68d977d75c5f9cd78d29e0aed942e0027de8b85b841b415f2aa34cbb91bd442 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in monorepo-symlink-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85ce41560ca4bda849205f0e30456947dd54daec43938385934ce240e45546a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mongoose-jsonify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d9b010d0799f79de51f4bdb82f4b06fca470fac0088ecb5744e3ac113afc37c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in new-ecro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7492a140547cea0957bc705d365e19806091462a249c3d5c90b6bfe91e8431c7 Package 'new-ecro' impersonates the legitimate 'big.js' library: it copies big.js's README, source, version banner 'big.js v7.0.1', author email, and...
Malicious code in @qlab/component-intelligence (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad49caeee790003270d74c5b17a58d0cef6f04d881efe83b0f6c7e11515e934 package.json declares a preinstall hook "preinstall": "node index.js" that fires automatically on npm install. index.js requires os, dns, https,...
Malicious code in db-connector-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6828cdaf9f4280f7739fd6f5a838a63ea7bc8f7bb0c94eec52fb881c2701c724 The package impersonates the legitimate dx-db-connector the package.json repository field points at...
Malicious code in runtime-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...
Malicious code in clx-cookie-signature (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3 Package impersonates the popular cookie-signature library copying its README, author field 'TJ Holowaychuk ', and sign/unsign API, but index.js adds ...
Malicious code in parket-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06da7444904a584b820efa9d1b6b7c8058d4f6f7495c344e354748992366e737 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in final-poc-usa (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6cc39e355e69ec11b0532da1e2b2a418601a4c5594b100ba6f054f0e52be44be The OpenSSF Package Analysis project identified 'final-poc-usa' @ 0.99800.0 rubygems as malicious. It is considered malicious because: - The...
Malicious code in jwtmode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b59454613cc025e514269f55b41a9da6a5da1db70e73e583bc79d97727e9528a On require('jwtmode'), decode.js immediately invokes getThirdCookie, which performs an HTTP GET to https://jsonkeeper.com/b/AZ9ZF, takes the response...
Malicious code in requests-middleware (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfd9564690d64c44a730b088f4295c75b36e9d2fb164e2c7aa9ec2367153ada6 The package masquerades as a typosquat of the legacy request/requests HTTP library, copying that project's README, dependencies, and source files...