Malicious code in fornax-dotenv-safe-delphinus-kronos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 642878f7ea02757310af6a4a32229ef548b1d47085028952b7c4f950221c7adb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144035 Malicious code in juno-pegasus-pegasus-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 818102e2d582bdb36b85162b7b70ce1601669eda16d16fde3bc826021de287b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146240 Malicious code in pino-pretty-markdown-pdf-altair-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 573304594207ecf8910723db18dc49d6e07edd5c5aee43c6a5ddea60ab7800f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144254 Malicious code in lacerta-warp-perseus-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d114be1fc47db70d408c4ef91f54c6e59def37f58a787a130bd55786b6671395 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149523 Malicious code in winston-registry-miranda-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4adc2ee2fc57b0b96c442dd9623b0bb7e158f3600ae026698c48e2cc04e98884 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139389 Malicious code in antares-acamar-betelgeuse-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7469440b3ac7a6f8eee981d0de7d186b9e3be1eb14762415ac884f84efec9817 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143736 Malicious code in iota-orbit-sirius-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eca1f11bfc43988fb9609e136bfb0d522a271e885abb7654c703b5719af059ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144698 Malicious code in markdown-pdf-oberon-rest-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6736e26ccfb46fa55ed3f0c9f17c3723e146a0902526a7486246a1f5ab8b426 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145285 Malicious code in native-backend-dotenv-safe-mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 781f6d6927036e8ba7935aa91fcf468079fe5edef66c51944922fd9b13d986e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centaurus-bootstrap-callback-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7969750400aaf0b8947f7695420d28f460891a0d6b84261f1405f84b7010400 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in envconfig-writable-spectron-webdriver-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 755591c551de8c2c5232708dbb1a9adef2f6add41727bc872a1cfe2b72206ff7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in scripts-got-electron-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db0deb3a53c9e1b3939399d6390903d0a2e7aaff72828138dd64ab8bdb9773c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eleventy-spinner-gemini-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 746ffb5d26ec0c2beb4033b4f6c4859ebbc33a46b29f81cce2bc4daf1967c915 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in janus-private-phoebe-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e39b17f67223220fe63d32875adfba39ede6a56f0af2b1cac86d9c7bdb1d21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in loopback-framework-loopback-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b27e27c7246783d05331bd95e459820ecd9975b3cb5f76e1d50febbf6d07d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in await-dynamo-europa-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9d6d85e8e7408451d3696998f145b53a266be50a39fc04a312b692cb078ef01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139474 Malicious code in apex-castor-gridsome-avior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9838df6fb8cb5dd397939668d3b47a828bd69186f05c69811ecc477154c170da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144722 Malicious code in markdownlint-cache-kastra-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8de65d6bf085e54dfc5ceef0c82d2d695fff047c8862a796c6784249869777a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142259 Malicious code in europa-child-process-link-reveal-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d22975fc0b1cef30e326d92c69dd05052e47b7277630c2b57b0dcf5e1986f379 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147908 Malicious code in shelljs-ariel-ophiuchus-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 693053840c257ad600fff44f093b29ccfea20e6067e1597aaf6f8e47ebdb03ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...