MAL-2025-144448 Malicious code in lint-staged-carpo-webdriver-mocha-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b8e050df62b8e9d79261093ea9636c346dfafd383a4b7cf736e5cdd571aac4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142843 Malicious code in gatsby-fork-soap-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b73e7a65de6af65020a1c45f76329317657d4f7569beaffbfa56f0471cd8adbc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-await-nightwatch-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599b02ee33e0ca172ba387eb8fee06d5bd917b1b51bf2136c37300c417901fd7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in run-script-vuepress-bootes-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f92fcb02abdf3ddd958606e6a604959cbd6e8afde1cec02a001c1694099bfb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in proxima-norma-quantum-eridanus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 070c510d6aabd42a9359f70a061481de692e33fe124a1af5ee60137ae925f95b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jest-airbnb-remark-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300e1c61b12b3d1767ab9e42820d1f4b77d4cbb95072146fa11f5d53d1d5e4ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-spectron-webdriver-development-xo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01b97c61b120b0d11484dbe757f30da970c4faf2ded6606a69162f1d6f7b2213 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in delphinus-ariel-apex-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b947a9067e09e6ea0296b684556baf143d2ae93eb8a8041dc79efe79f7e54ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in standard-aquarius-css-loader-webdriver-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec05f0a48a6171709e472121b4da1b9b84e2fb0444facebb8acd27d908e38b1b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cressida-vuepress-nconf-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3fad2a7701e8e70e72d43cee4ad37b3a44e2bbbc521f2696eaf92805c68b54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in markdown-pdf-mocha-lynx-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38f527d979b805966a29c97a0f6ba24c8df77bbdf6e19633f45420bca5790374 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in toml-less-despina-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4efe3b3ae752d0a2c0807a034dcc8f4cf24696297e1894dc32a449ae57d23f2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144621 Malicious code in magellan-alphard-cygnus-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb03d334d5fb3fded9247c374d838c01faefeb9b836133ef2f495a0c002fda2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147522 Malicious code in rollup-plugin-tool-await-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f84775349c8dc193168951bad5cd88c6117e804d988fc3254f234eece5555482 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144924 Malicious code in meteor-postcss-galaxy-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5baa599df8327e1b0ad8e16250d1ace51cc18e05fdcea42dc67da326bfb9383c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140167 Malicious code in buffer-pavo-europa-gravity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 511fadca6bcdd76abc46c84433dda6cdbb8f5941abba97253a8acf6946b7cb32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dynamo-magellan-standard-dorado (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0e6537f0509af7748578bf409c68509f2a78dd654ab1e5524a808f98d675ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143449 Malicious code in hydra-pavo-taurus-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15061f0cc0e121caaff0c51e817e1426d95c40b7d140db63c1f74c738cea90d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143467 Malicious code in hyperion-blaze-acamar-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90140d8ff340cc1c854a9713092c1c8b83c93d8a48f428989f69219cb8a47ca8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146175 Malicious code in phoebe-rehype-style-loader-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cd9c68db65094df4f1ff7de4e1846f61961d90dbd20b968662d96ff11894c29 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...