MAL-2025-189265 Malicious code in rocket-vortex-nebula-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cb509f13958f7a7b72ce609e2825f1e19061e7b2d65cce6416a6e965c065359 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187164 Malicious code in geodynamo-radiant-slides-bioinformatics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 803477616d2db87dbf10021a7d12ebbb625a2f2e245778328bd791fbc371b248 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189341 Malicious code in sandbox-long-compress-book-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ee676fdf4a328f91380e094f39eeda1184a866c32f09c81103c42cf748fb558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187928 Malicious code in markdown-nconf-string-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8074d92510a28e3e6b1da7ca41610927761684bad1dbfcb169033072bdcd11ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185617 Malicious code in async-encrypt-void-user-upsilon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7a36e99ef3a68fdfbc6ab3992a4fba166028b2c2f3e8f022aaa922e249f7eb3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in exec-zephyr-xo-izar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0a537378001b9bae4498bb04fea101778d1e52997d9ef0b70e87f31e71d3122 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fermion-solis-wezen-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c64341b959ec7e33415d9299b117759d3127f0dc1de6b32f0137c1ad514a098 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hermes-dactyl-canopus-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62799d2b20f03765f78f7108ecd6c29ff5e28773faa479e8584065f639f569e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-playwright-optimize-css-assets-webpack-plugin-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0153c2925946fa33f509a7dc20a6a22715963f52da756ce161ceb18165fd23d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-prettier-stylelint-seismology-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43052a28656f175ae88ca3541de9f3932eec1054bee702e2ee6c71eec895aa73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-webdriverio-event-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a13ec41d982e5391f4a58b51051dc7c843a88857fae8f519de3e3ae4dcd6f643 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spawn-corvus-elektra-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e45a2d1730f87b0c7ad3fc6d33915857fcf5d83c077794051e825175b6ec7b82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in typeorm-protractor-cryovolcano-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02a13bbeca9fad4181dd9e0e667817df4fb2bf290994f3f37757c86d5562cb2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eris-framework-lacerta-biomimicry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f17dc9f17e12f1b196ee0c36e786282dd58ca017e19208f2db374ca138e0cca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-isostasy-altair-less-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc7c0466ae5d2579ed1cf9986ae80ed2df907eecbcbaf7eb8edffe3b4ea5d0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meteor-command-warp-colors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8178667f4cc481bfbb71a61023a72f4c670447ad57a44be40c3aab68de2cac2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stratigraphy-archaeogenetics-pino-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c8b8215edc8d75314fd70706553211c18d60e357ddd2ba33d98c9aebc7bfc32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prosthetics-commitlint-astrobiology-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbfb4f7c503130fe491771b7258e74f8a9cad2cc0d49ebd7fa62fc8813bece12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188527 Malicious code in paleomagnetism-neptune-jsonp-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e00b7c4e427afdc185348daac0c7d3815042fbdb19ac15e8d7e848299230aa85 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186341 Malicious code in cosmicweb-antares-lithosphere-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0506cb2e0e182f936ec1b74d381874e93fb15d69cc3a6e7245f53e539eba8e7f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...