MAL-2025-148501 Malicious code in telesto-release-it-google-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6ccdd5032ea5072b6c78227164fcfdd6caeffefe98b43a5d8156d92454dd74e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145594 Malicious code in nodemon-scorpius-ignite-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ef700f7d6a2075e1da4dbf66fee58b1e0dc67dbe69aa622fa2019ecbd4b2e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yonder-polaris-loopback-vuetify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f79d04e4807dd38afa59089ccfeb76f68af1b43076a330232e0bbe21e1da2f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-plugin-tool-rest-firebase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0560020b42000a697a1c44e8f3e8ed4c0a9d8cd74d971fce648ff57bbe49f39a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nashira-sagitta-tailwindcss-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e01aa82b5cee7d7f29ead05831e499f5b5cc3032624bb089c35c97543f25b33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xenos-unuk-version-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08758c756619b48eebbf564bbe8c20656ed77a50701a913c3d2bb123e47c1313 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in library-fornax-start-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a6a2c4abb42f5f3186fb4734f53bb98dec2cb33af1fd697699823bbf6cfe4d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in init-kastra-leda-canopus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02f08381a1b787fefabd1f241deb2ae2ed1f8fbc5f925b349effd01d58286b4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147685 Malicious code in sass-loader-xml-altair-dotenv-safe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602f04ec56ac19f9194b5ede251f2d95df2f758e975cc2eb78ff7be59af51050 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146121 Malicious code in perseus-triton-query-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3fe942855422456b2b094db1bd45bdae5ec15bfecb41962f6257d1a0d834689 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145290 Malicious code in native-magellan-despina-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ff95a0f9f9d0bf145c3d00b8c179869268bb7ca8b7df9aefc3d9004bb7b7465 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sqlite-perseus-nebula-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18f6b44d9bdca31d5c462ad3cc3176ab255171b26341dc579e4629fa32c15096 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in node-config-upgrade-library-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5b7436d1c19bd4ada5702cde9f3b4b860ec5e5c962dc062ad80ccd76e1a57e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148101 Malicious code in spawn-lynx-phenomic-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06ae23c6d32d600455a747d54659c1bd327ff6c5d32b9722c11f6e3dddde3461 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144029 Malicious code in juno-levels-bunyan-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be54ebc21569f3ca445b4b90feb01ac0ec8a1d4b192bb4044c8284d34e13de63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147297 Malicious code in request-jwt-jest-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f39cb3751e045e8297b0d6151b30d73f8912bad4940b767559fb974d0ef0b19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147291 Malicious code in request-css-minimizer-webpack-plugin-resolvers-standard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c589217cfc86f7c8e3f88b2b6a0e481940efe817e8590641395b29878ff94cd8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in slides-module-node-sass-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cb6f9246b4340ea2d5b3f4d1f7e17c9848520a29053562bd88b04d07b97aa48 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-staged-eslint-mensa-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e96b4079b6e72907d3b6ff39c643ac572b7e7e2be3ceccd386b2ea8fb40f2d1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dynamo-ursa-soap-update (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c42154cb3d3d4f013e199a8286637184259cc713fcc3019d47b1fba096b9e6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...