MAL-2025-185421 Malicious code in aldebaran-regulus-bellatrix-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 466d3ed4652474b926cfb44ab27373bbae126cc4d987b1c672274fad890cded6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185694 Malicious code in await-husky-electron-builder-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86a1bbe4cecbcb8f3590b941a42cef3a87592003a2e822f176e34decbd8f04a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187313 Malicious code in heliophysics-pino-umbriel-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68d13fa24ea00cdcbb15ac488921f9c6c192ed00f12f1b47d659992b4fd4f4a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190406 Malicious code in xo-indus-procyon-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 127166ed7ac52806beb38f75aa00eb00ab30d661f9b3ff074fdf4d093831f339 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186972 Malicious code in filament-tethys-brane-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fd79b06d69f04ea8b0388bfa6ca124a65859009529152dcd4cb8413e3089e76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185655 Malicious code in aurora-nodemon-whitedwarf-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd97281221fe89d74fd42bfb63573c9c1be04ca2dd3dff73ddf81fe566bffadf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188263 Malicious code in nextjs-google-transport-markdownlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c44eb151cbcb09b201958c6f74871e720931d3f659375891dfd01e8250ce544 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in event-miranda-rest-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acccf89c905da91626d03d95cb26599e6d673600757370009e4ae8d8b0962900 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in algol-aldebaran-cressida-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3b60a5310d40da64667cf3c540ac5e0f72654d8b7b2fd03a830545547d126ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in async-dotenv-pino-pretty-odin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c3d4a572f76bbbe274534a67699ee258acbbf21283e21f9c8957d006040376a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ceres-petrology-callisto-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef236e8eb1b727325a3aa33594675cd45f7056b4eeb66de2ec6f4c3717e7eb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cli-cordelia-chalk-redgiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a90893c3d7e4d4fa1c3626b55b27eb9e39f5ec83bb10dea8c99465c4493b68b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cluster-wavefunction-subduction-transhumanism (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d0e6bd0652b5e4d018e928834eec7a01faca00e01d4f657865eee6364dbb3b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in configstore-quark-sync-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30c3b67083ef101f23672989003756131308861e71de005811d2edde2b5f3f8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in duplex-parcel-nodejs-membrane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa06346c89852e6b9c279cbd0b49045bb71d5ff9157585fa04bc9c20fbbf44d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in elektra-bellatrix-neutronstar-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c4f90b5692e853c91bc5bf63fb6ee8aca89c7b606140be3793dc608467693e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in equinox-passport-janus-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f11b68e3638d03fabface74d4eade1bc5f8df93eab7c0a224d47b29af1d9d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ganymede-palynology-proxima-robotics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 543e63880d502f59f3d0b14c0fc789ac361fa84e5f73d03802527eb7c0a98c2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gatsby-config-postgres-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da39a9e2fd7a04f5eb662fb6eef0160a78e4ec3832a4537c9e704e0731297736 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-fornax-commitlint-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82bb46f3ff203ae75ff16f3fe07423446d548e769f8914e5a85b752673724382 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...