MAL-2025-146157 Malicious code in phoebe-lynx-less-loader-passport (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06b6e9c51d8df792487558370f33d75af46a24800c3767d05e9a4ab2115d7011 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in middleware-postcss-loader-vulcan-configstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99d428e4a36316610a46ca531a7cf361eacd9cf94095b45764a4a3d1e7864ef4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chai-procyon-postcss-loader-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbb383055d39ccf72e511de623d5b1555ea9a47f86d90567d3f808175b6d3ed7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in forever-alphard-zenobia-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7e8e9a7165f5f93e0d2ea4f71fdcc15e596029699a897d1418f935127cda681 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stop-start-link-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f11757735a5d98d1eb0e745a37506fbce530b534d155ea6fedf6397a676c837 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in figures-procyon-betelgeuse-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e6ec9d293aa050ea28a3dac80d3023398df9d62f4a0660466d4fa36a0c7834c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in commitizen-karma-markdown-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a2aa2e20a555341ba29c9fd65ce99ccd09df033527d93d3ac4e13a578a97bb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in websockets-auriga-aether-airbnb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f82e60419a165c24112425c2a0eb8ff0de0e758fea71c85f94dc4322948d01c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142210 Malicious code in eslint-config-socketio-development-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29f4ba7bcceda7e6c47a55286d07be81507c98e76b1293b35e26b1670af017aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149623 Malicious code in xanthus-element-ui-webdriver-manager-nconf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6ebafe915aeb6fefc051e9c9f52dc18edbd9a46f52859d379987dfd6b8cbe95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147581 Malicious code in sagitta-bellatrix-procyon-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 068e433035260f840baec702ff04f3fe2c9c09eb3f2374cd4680eb66aad1f3f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magellan-rocket-chariklo-nconf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e00035575eab423ae3e4685949b497d9cc3dff7e8691dc1a9cb608ab0565d10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142214 Malicious code in eslint-configstore-transform-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96b2652a5d2256805c259c8f94e1244bdb3de2f2d085378bebf0f43237998140 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145951 Malicious code in parcel-build-castor-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e86d03db2d5330cfeba064e29e8c36f78fca0430be8e57ca4e45d5a6b398028b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147539 Malicious code in run-script-bulma-jupiter-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 616dbb1bd56cb2d5f22936162eb14cfa2d9fd391f8e8f257f39b6f3cf913ec59 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141381 Malicious code in cygnus-stream-lyra-apex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f91d6ed1a45350dc66c59200a558dfd1805694304dfb26a4721875c058d4b0c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ade-telurtahu8-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceffbf3cd283dbf9c89952dce70be78df42a5add28e296aa467748d0ff46fafd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kurnia-bika12-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f636e9f7db7cc26be7667afe39032d775333011e1537997e23c14becd340d1ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nadia-tempe47-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2e95998a9fd51b9944968365c3f5c4bc7ea686e88e2d99e285792a308c27247 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-132867 Malicious code in disturbing_felidae_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16c0337ea2356d3be33c766212731673679205ced00fd8a2f98e565b64ae2639 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...