MAL-2025-185859 Malicious code in blitz-materialize-link-lint-staged (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cd6558b44eec2954b20bb99ebb1a7e8e455149631179d6949c5569bd11e1822 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188364 Malicious code in nu-double-import-theta-old (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cac277cdb2603c0d0004386887eb6afc11277f7f1255244070b236987bb24bdf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188513 Malicious code in paleoclimatology-node-sass-asteroid-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44d11927628a582b335587691209c5d269ac29f4ecf3d85eb1612706326c4974 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in json-apollo-rate-limiter-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4041eaf381f192fe6b5f0fa41e0d62e7c44bdd9c3dca76d45a758c432e541b9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in promise-jovian-cli-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce7920e2648fd98b014ba6e5691d3aaa8d488968c54a9a951d7f0f09354f62de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in test-fork-gravity-puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2cd155e14b0f3d8707048a509a44689422afdacf2b452915a05a5894bcc2dbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in betelgeuse-sadr-antd-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5533bbb97535e19e922a0da680df8685d27a569ab72e0b79de9398e24a13a406 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in futurology-fermiparadox-parsec-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7932b00db63a52a64e991976f6b489776b42c5b992ba035510f6778c3fcd33c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in omicron-thread-report-query-book (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f62ea97ed14fec7e80933898874e26a0acece68b1bc07541460b1a79ccbebcfe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in carpo-release-it-oberon-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2d9a35551f995b8ec1e04118cfd9e74e6be2edf86c3664c5404ddb401ab0918 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in user-double-signal-node-upsilon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 331f615747fa4552139398bd5bd8ab96fb56c9ffdc6d81e14eaece427b08e5f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186875 Malicious code in event-bootes-dotenv-parse-variables-ursa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ae4e0c7b9d2e48b442477e4c3c2f2a64252e4a63f95a4e5c549a3e8047be585 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187576 Malicious code in janus-neptune-spectron-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd7014e94da99e4ff360a92cfb85a4a509806961ab893a9372f90c56e0ed1a80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188710 Malicious code in pino-pretty-yildun-express-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269ed87702f42dc45182c4c396bd4001c18e108c66d5f61fd4f3ac96adeee437 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186453 Malicious code in cz-conventional-changelog-blitz-steganography-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 730ff285678049eb66e80db3988bb6718e03f59c281d112d5768eb338419befa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188990 Malicious code in pyxis-hercules-scripts-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6a81f666995ddc6c6187d95530b91ea605e66fd4709f426879c3d30977691f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in moki-luni-huojakiavuggjim (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63a3bab267f8976b2e02d2b3040a3d27cae515dea16871a65baff446188b8fdd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in itale-adci-ggmatondnggangru (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70b7c3bd65e3cd649ae60800ae0002f713a8f749539326c582b2f589693530d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in item-ati-zpojozakika (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b40fc5a5df47ac2954be50096c8936748333a57074a3243d699837e3c234fc11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gocay-gua-visagoigojfahi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3287b48b3f6ab20225cca321e3550b6557debb010f0cfcd053229d27c82db867 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...