MAL-2025-187442 Malicious code in impulse-dependencies-spinner-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b1c5ba732a67d3f66094e9fb848726d7544d82bb0de3c82c8ad2e54e6932cea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188710 Malicious code in pino-pretty-yildun-express-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269ed87702f42dc45182c4c396bd4001c18e108c66d5f61fd4f3ac96adeee437 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188960 Malicious code in publish-vuepress-sails-foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8174eba67733225bc2a363540d7f5712c22849add86bbb13c447eb8e2266a409 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in areology-atlas-dotenv-safe-greatfilter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30a274a73b2bf94ea441167c4bdbdd6e5887ef52aa83f8c6509c5c8349835aa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in carpo-release-it-oberon-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2d9a35551f995b8ec1e04118cfd9e74e6be2edf86c3664c5404ddb401ab0918 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in halley-bioinformatics-mui-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 662312aa6ad2beee5a2348e5ded7008cd22d42f7258a0e9670509dd2889d5910 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in omicron-thread-report-query-book (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f62ea97ed14fec7e80933898874e26a0acece68b1bc07541460b1a79ccbebcfe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in test-fork-gravity-puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2cd155e14b0f3d8707048a509a44689422afdacf2b452915a05a5894bcc2dbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ursa-inflation-atlas-taphonomy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f08f459b286f25ce6361ca667b880bc5e7084907c298b11aead0995d00ae6e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wasat-photon-await-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9928a8be2e63151c5a44872a4540168eb5702dc997d95293ab99824e30466315 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in web-route-final-nu-route (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a5c7be5f1d5e20af05a8a41845cf88aa11d49fe80adadaa957e21395a29b1a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in final-dog-throw-resolve-short (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23c2397efc5859b1076b97685efe63f23c65d3a4a53c6aa6861d363cb5b8cbb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zero-epsilon-bash-cache-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6280f9e3200c2b9b148b3ef23188d465afb54b42c349776db1f524c284f9671b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in betelgeuse-sadr-antd-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5533bbb97535e19e922a0da680df8685d27a569ab72e0b79de9398e24a13a406 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in json-apollo-rate-limiter-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4041eaf381f192fe6b5f0fa41e0d62e7c44bdd9c3dca76d45a758c432e541b9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in user-double-signal-node-upsilon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 331f615747fa4552139398bd5bd8ab96fb56c9ffdc6d81e14eaece427b08e5f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in brane-halley-solarnebula-stratosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dbe993ab0d2060aad81f817e0d23ae578985071a1a988c2fa1c1cd10c224534 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sandbox-scale-promise-unix-resolve (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ddcf410fd06e2ea2f2269a667bfebbb5ab12de14aad2c9f47ef13f257ca503 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chalk-stop-indus-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87bb8e1129a1d5a199fd42030542e91c8c409a534084d9519532cc4057e92cc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in postcss-loader-hapi-publish-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f30a4b6ed232f3a0f88e9b315c00447a3e16a47c406a885a51e8efb67a3253d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...