MAL-2025-143146 Malicious code in halley-ignite-protractor-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 334271b13cc7ad7f0e2a713812ae5f4c6b992d1b0759a6dfa57692961ff0ed57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callback-pyxis-jovian-ora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa53b34e729ba1f6e545e5585d0583cdaf20a1f246348f2cf4bbd3d8b8117e4c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avior-materialize-arcturus-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16a0abe30ecfd362bbf43ba3c31f8f5360240afaf776b1fd268c9fe69ee0e198 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148408 Malicious code in supervisor-vulcan-remark-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bd09e647755e974ce82a7fe8fa31384e0ec5533ca9d8f84489011c9eeb5e7ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147176 Malicious code in rehype-meteor-pegasus-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fa9c9bc7d00cb76bf4363eeb00bf670efaa50798ea6e6eb8f5a516d613d61f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dependencies-rimraf-local-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 054b2d956edf01f7319f62c077101349cd5044afb5c88bc418ae0072e0c3a095 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-chai-deneb-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd9fb6478dd3638f00e16753a5839c017c4696e62a8cb64c5dbf9b7518f59cd8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-enceladus-lint-staged-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae1829f498555d59bca2416201d75d19048908b4c7785ebcd0735c275c15140 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rehype-orbit-yildun-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d493e8fda77dc1418c68e0b5c3ddc494015c5b69c056b5cfb9f768378af0f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in enceladus-betelgeuse-nodejs-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a214e3efeb5ab890583b8fbdd9950fe8de1f2f78df13e65aaaa8892a71e73dc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spectron-cordelia-adonis-solis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198cb3db9f112fc43c58a35b682b623e19bbafec7b8bc5425bf224e5905ee252 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in child-process-registry-chai-nashira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5d5e0a4c75e7e750b51f9106f6d21cbf53719ee3b880b06dc02013b87e745c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140439 Malicious code in carpo-elara-non-blocking-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b9625c431cce9029212fb9accd6de2599b0e5c9279e513c0e674e8544d0549f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147598 Malicious code in sagitta-helmet-vuepress-spectron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ca2a0f227ecf5dbd238bdb4fdf614d28c9f11da0fb859e447e77910ac1e113f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141410 Malicious code in cypress-unuk-helios-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4494f554296131e81f71e10c287e9872f5e5f8d04ec26052b06527d853f2d90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144385 Malicious code in library-prettier-stylelint-semantic-release-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048a235ece038bdbb37f29922f586e5674b5501de5239c0a7b67a15de6fa8713 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145754 Malicious code in oberon-redis-luna-passport (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a7dc99789c6a0bc0bffec45b88cad0cdbd527b9612b08e1c1088d1d9fa367c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in registry-taurus-changelog-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e1e913405bd7c5319053e9485248fc7aaad0ec9b3d3a94b86fc31b16dd356b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-auth-nova-socketio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd2e345ac51f637602bb21180a5a15e0c808801e9c9c5860e07eccb477eeb98a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in betelgeuse-betelgeuse-unuk-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dff0b97626e4ee33992315c9e755a79a6adc496b3debbe0e513225029979621 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...