MAL-2025-50590
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/umi-getuk88-riris/MAL-2025-50590.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-50590
- Published
- 2025-11-10T04:05:19Z
- Modified
- 2025-11-10T04:05:19Z
- Summary
- Malicious code in umi-getuk88-riris (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (0ed6037001657abba9681e30e3d9dc9a18b23c11d92839f97af0d49f7033cabc)
The package umi-getuk88-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded npm with over 15,000 spam packages in 2024. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names, and continuously republishes variants to pollute the npm registry.
- Database specific
{ "malicious-packages-origins": [ { "source": "amazon-inspector", "import_time": "2025-11-10T04:12:08.625419767Z", "modified_time": "2025-11-10T04:05:19Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "SEMVER" } ], "sha256": "0ed6037001657abba9681e30e3d9dc9a18b23c11d92839f97af0d49f7033cabc" } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / umi-getuk88-riris
Package
- Name
- umi-getuk88-riris
- View open source insights on deps.dev
- Purl
- pkg:npm/umi-getuk88-riris