MAL-2025-186195 Malicious code in code-report-cold-iota-root (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64bf5e8505918bd9d308b0badcac899a832317e13a323ffe00e5666a0329a5aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188757 Malicious code in pm2-dorado-lithosphere-gravitationalwave (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0bf0122bf53ffd695ca74ef50913f10924601962d70f7e2efee47d07ce23d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spectroscopy-dotenv-cassini-sedimentology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0877ae9987490da3e59673ad1d155843077b9fb9419c1942c74445d2543962a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186538 Malicious code in dendrochronology-eslint-plugin-andromeda-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24345b9ae34655a19ecf0ebf2bd34e7ba0977ddeb6130cb2b356585ae554d64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187800 Malicious code in link-upsilon-link-kappa-compress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3067d1508451f6789510b62511e905e3046d9763f2244761c52bc46576b6b073 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186695 Malicious code in elara-jovian-dorado-biogeochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffc0a55b1c53c1fd2c1886e27d908c9c4f143b5f167960e36e22de36e35aeb7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186722 Malicious code in emulate-link-shell-async-double (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf2c1b630e620fe1fa496bedbb43c8e83b304ef52edb5caa9ecd63d1dfbb13b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bunyan-spectron-webdriver-less-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea996c13b6b5a184710be958777615f73170e5e8f3a5e8fb00260064a7d769c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cold-cron-object-chi-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c60002ac5653229eb6215aa13f4ec5c490f97c72faf60b5a0be727c9092c4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deimos-redshift-plutology-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80168c73b44e90a928ec018382d63c6a2d7f6cfb4ca8704de3974a762297e32a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dysonswarm-public-mutation-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc07300ebca2f8b26a8d75a123c9110acfca5a9c9ba7c5ca0e175771df0cd378 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-config-nestjs-deneb-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c9742f772c4e9f496f2202e2e39872829c34c1fceef37add1baa8a95b96d759 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in futurology-arcturus-saturnology-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cee2cbdc2bc3dff01e44b79762d6c94d9ca914096274d79ac432f730d252e8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in genomics-upgrade-webpack-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88209a1ccc8c21100a6d59adf1dac66a2d0426235764f4dc3c46c16810cf811a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in grus-prosthetics-stream-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8349dbfa155f2d339ef3fd2ea67bde24011b09acb828ba410014298d1394d52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ignite-chai-mira-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ce891d93375fc44ef940ba2e552f0edb96f80dd9d0738d90e22a7a411c2fb82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ionosphere-triton-selenium-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d954d776ae4202f524932128d3db461e6808e8922852e0d2ae522b55c38c3597 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jabbah-areology-archaeometry-vega (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1450f46fd9e16986c07c3d8779c3e55418dc857de0953803ae76fac04be89af6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in json-babel-regulus-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dddfbf5848f4ab527768d15fcbe5332b5abad764f67e59c571cbf84288ebf928 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jwt-jwt-nodejs-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea2e66daf01fe913231340ad3a2cdd91b8d73f807dfad3ec9909c4c942dfcbff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...