MAL-2025-168577 Malicious code in tealove-nokire48 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3178231c2a2821d70f902b11df8715585e8ed616519e4b445639afddd7bd7bf1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-150170 Malicious code in @mipta1/nulll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1959d65a2292f8a74ba6daefd72e2513c39f6b99ba7309f886a75200fee9543f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-168228 Malicious code in tealove-dana22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea47f5ae83e894e9f9c0c9ebbe59b8edfac60498de179b2aa0b5fd1891daad0a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-158352 Malicious code in lookingan-konami87 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e8be4fcc6d5e1fb3ed5b859f24de529043a4b1de4be47a86f1b832af7f7ded6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-150938 Malicious code in @miptaa02/saviontra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdd43c9979affa1c32e67599248be342a024d0bdab6c35a954d50573c11390ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145300 Malicious code in naughty-peach-tortoise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d84af096b40742c307055c83962ebbe7c7b2d5e18c6ae933b0ee25a523d742fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-plugin-ultra-ganymede-vega (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69d84fda97f34b6e4d7fe644721804df274f83af37ded2fbe3c78cb14d629540 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hercules-server-airbnb-css-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0d39e51f8d9f7bc15046f50bb2eebff5f7edc6e9d0dba9b05ee803e679f340f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in perseus-loop-equinox-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c15455fc23e56cc25186b74d796a66dc7b8c99617e33a2e861abadcb052f49a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dotenv-solis-hydra-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 204e4c944e5588742767a5571cfc83804f233a9273e1e095b54ca7a84a00cae7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in solis-polaris-playwright-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34e983822d8b03a418bd8a85ce536d41b0df53160f182584fde4cf5e0a104f47 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in uninstall-octans-procyon-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974400de422e2a3fb0d03cf40d45a0476bca83b458b272e5638ed90165ed00e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kinetic-impulse-polaris-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dae9f06594bf0c0f9bf149fd6065ba7e289724e2ad9f2bc222b94bf5de59733d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in virgo-semantic-ui-jekyll-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5d4e3e628d28d18ae33ed261c564433b0747ad9352364187f69369a139f24cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wezen-inquirer-meissa-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 244d7028d0fe72ef39f3f651bca81617eb19935420a4860a99c67f63f6ef8ae6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-plugin-dynamo-axios-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 609bae32965b6115352a6c6f0a2e3f26630ab7c7a85532b8c34e12ada679b9bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147723 Malicious code in scorpius-yaml-ignite-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb26d44d2898df0a6ccdd6b1b5623f9f5e5a5d9e158848b37bc4af1d4ad9f6e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144284 Malicious code in leda-phoenix-bellatrix-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce266d563d5b2b900c4c7cb63fe1324d5f2f43ff6fca843bfff590fc2a4e0423 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144511 Malicious code in loglevel-ini-puppeteer-lyra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d86d35a713bef02da5c1926e23331bb6bc7c3f7fc1af3b86a3504773d862e7d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143209 Malicious code in heka-nebula-rollup-plugin-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d27d54fb6425d7716f20259ac15707ab8354e139d9a713e31dd0d222e2275140 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...