MAL-2025-187894 Malicious code in lyra-warp-dactyl-interferometry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0443e66fbe5e2851fc2339642f366487cc1173568243d8b77eee088e5e787a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186621 Malicious code in dotenv-safe-jovian-astroinformatics-ablation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a312ee1d39ce12596c3d43387bd9eead6fec93b1060c13fe52416868153972 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187106 Malicious code in ganymede-nestjs-izar-release-it (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a230d94bc32273176374265684eb0eccddbdcba4bbc1819c7f8b868ec0f5e35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ursa-inflation-atlas-taphonomy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f08f459b286f25ce6361ca667b880bc5e7084907c298b11aead0995d00ae6e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in csrf-callisto-hapi-nextjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3353f2b88309fec3f0a2db16bc2c7dacbf46763f6ef7ba45dc6a3742e6ec2f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cat-void-bash-cache-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 778f07c6825f30529d578e5e0b9222d362189c07821fd7aac30de9ef4b174d12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wasat-photon-await-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9928a8be2e63151c5a44872a4540168eb5702dc997d95293ab99824e30466315 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centaurus-quasar-module-rimraf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a29e050252b3c774ca548dd99315e0f8c4a20a46b58ff9253a699a09e756ea1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187442 Malicious code in impulse-dependencies-spinner-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b1c5ba732a67d3f66094e9fb848726d7544d82bb0de3c82c8ad2e54e6932cea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chalk-stop-indus-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87bb8e1129a1d5a199fd42030542e91c8c409a534084d9519532cc4057e92cc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in brane-halley-solarnebula-stratosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dbe993ab0d2060aad81f817e0d23ae578985071a1a988c2fa1c1cd10c224534 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zero-epsilon-bash-cache-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6280f9e3200c2b9b148b3ef23188d465afb54b42c349776db1f524c284f9671b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in report-epsilon-socket-beta-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a374b6f621a7480a7de9e738180564cc75591db6337a7b845ed16decbc25ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in duplex-request-astrometry-titan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2651fe16dc29246ea136b5abe4b863a53fc8361641f4db128a6e69e0911519d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in postcss-loader-hapi-publish-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f30a4b6ed232f3a0f88e9b315c00447a3e16a47c406a885a51e8efb67a3253d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sandbox-scale-promise-unix-resolve (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ddcf410fd06e2ea2f2269a667bfebbb5ab12de14aad2c9f47ef13f257ca503 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in halley-bioinformatics-mui-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 662312aa6ad2beee5a2348e5ded7008cd22d42f7258a0e9670509dd2889d5910 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186379 Malicious code in cross-env-cross-env-photon-superposition (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb2fb8727e1f7724d5accad4dc8d450ac3e5735b535600cb2fee7ed81e14ac8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in archaeogenetics-ganymede-paleoceanography-ignite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074f632db2abe61d259b3bc4c1f8b0dace7f1c727cfead5c4c2611a7642171c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in areology-atlas-dotenv-safe-greatfilter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30a274a73b2bf94ea441167c4bdbdd6e5887ef52aa83f8c6509c5c8349835aa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...