Malicious code in leo-connector-mysql (npm)

The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

Malicious code in nova-quantum-protractor-commitlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42b35d5356afc081638f9e5562655901df31ef1d90eb6c13779454805d9ab8f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in event-husky-tachyon-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47d6d40bbd46796ffe0433b9e3e0fd88b76fb46ceb7a4973ff526bea29bf1b9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in index-short-java-phi-virtualize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40e263ba680a09fbfa7fa23f8bee80092a3b81959c15f1cd633d5a32f174fd41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hapi-protoplanetarydisk-halley-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14eed49e06d77509c188f6aa28a040fdcf9a987da14db1f3667f27101d6633d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in local-cz-conventional-changelog-cosmos-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e458e633b542e7ffd2b0e112aabcc898fbf435cc944028d735d657c238d16a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in convict-writable-webpack-cosmogenic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97564ab9fc4db43f4230b9d93ccc412d62ff1b73b25e6ee7eeca8c3f4298df7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mui-reveal-md-registry-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76ad89d8331122a15bc7cf5f8f5bff6b20a31ed3a2ccc02e5573a1f7b14248ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in multiverse-carina-boson-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76a771cf283fb9950e43b2ea7694717add47719ecac98d5e7cee380843483edf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-darkmatter-titan-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee347a8414e37c2db0dd852e5fcce8e90db1d785146cb6c111173d9d2a5b048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in public-atlas-europa-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69d942f4eecebe1c34927246c3958d75490f7cc7e5b1c2c79cee69ab01ee5509 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fornax-jest-ariel-spica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feb0d79504b1094ae1204fe3e8908bc1eb45f16d9f0a89e03f7a2f7fc5a0d796 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in changelog-multiverse-heliophysics-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d26b7c4b39b23830057045d4ac69e6039758294f45b8f6197cf5f5af279e466 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in augmentedreality-version-wavefunction-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2503586da8fb0802fa3367acc3e22e67b9d508d0ea7d14123f3ec4edda2e8203 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in node-config-callisto-comet-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b5635651be491b5fb17da64d0134d450bb553bf6c11fca9bc7157a5541ba26b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-simulate-optimize-tree-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47c722544b9359bb4bc6cef7b4fdf6d41f42371b1b8e0c2111cd18050e5101c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in finally-notify-table-orchestrate-sigma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d4ecfd3ec9e536b6f5c276f6a533ced1d24590a4a00d5d059c241e6c2fd05e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tailwindcss-bunyan-spica-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef7ca0b166720ff7a48b675cb46297e227e219b0c43a8ef775f03020ecc2363 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centauri-protractor-biosignature-supernova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 739d1638844b716e95db11ffdb4027dd1942b8a1b956ef4531dcf9888bd02986 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in framework-writable-dotenv-parse-variables-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a47bd46b4ef5b2101952c40324d79249e25d9c3a1b697d350ff8724c4e24387 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...