MAL-2025-158158 Malicious code in lina-poke71 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d79889f185e7de36e6977bec498b9dc1d978127a6202baeb04dac34cd99dff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-165428 Malicious code in sabua-muyafig-budafu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3650dc3b0443477c3911e6596152f09953b3035020f508e0787aaea5b3a4274 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-151854 Malicious code in aiboa-molipe-amuiai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa01abbf72a84f6c364250b710739d8e42ba418648d058593f7bb4868ac61588 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142380 Malicious code in express-janus-auth-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6af4e08ee61507d2dfea640b983f7ea3e33015cfc6e4b78590648dd42816e764 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cordelia-chakra-ui-acamar-bunyan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe50038a951e8b1692ef49b02cf319688561c524d88b6c8447356cbde583c218 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nodemon-middleware-non-blocking-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0911c18dba18f41ddc05e9ca6f4eb53d1a1290db69de8d120a48d8b7b16b0d46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141377 Malicious code in cygnus-publish-apollo-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84c03f11a829c2bc6b90dbf8fccd6788100da66f690ac6c5aae274f08fbe6bd2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142959 Malicious code in google-helios-tethys-hercules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b34e582ca40ff6c3fd84385edf7a5a72d935036fc994943ba8ba20946675fa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sqlite-non-blocking-native-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4bb8d693502367467a865250306d6251623b4fa2b1c23100452f92000dc12d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146378 Malicious code in postcss-airbnb-query-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f8a326112cffbdc78e4226c40385297d39c2cc350524c8450de4b31660a6a57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149073 Malicious code in ursa-sass-loader-orbit-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 299b64b0af89711f6ace77bd2eb74ec7ee22b886558ad7c24f690a3b16389dd8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146982 Malicious code in query-ultra-foundation-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5c34a8bb4f140d8b1c22dc64d5bd563c9a1e102e0768876da83550b8f89365f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stream-optimize-css-assets-webpack-plugin-nodemon-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fae29f63ab3edd79a6f27157b2a92d2fd2d219f65bf803de9275b448418c9dba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magellan-graphql-levels-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20526f5014eee97ee2e57fd6f52681ed6681877adc4ebeefb396c9d8ff23adea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mysql-typeorm-zenobia-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 175557d4a655d5cef955077dc02c69a555f4eb2aa05bf6aab5889a1e6289ccbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in geographical_locust_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca63107abab09b05e9fc3f6f488834ba2e527eeef62b942ed783467c09f664b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eka-soto90-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84e48897f4e32faf9c2476282aef6214354afd1ff6c4a6c51c10e7cac584bb6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-131597 Malicious code in yanti-tempe42-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ea088b8aec775ea6765dee5470d12472f80d67604999ee57118748d4be832c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hanafi-kue78-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b2f0b5de600e69ca2adacbb2d0fc187b86d6eab93e8b2954dc5a7d65a05b124 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gleaming_moose_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b07837b8e2e2ab6f5ebf03b2f54fad634e7df44e172db154d6ba261e386594a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...