Malicious code in eleventy-spinner-gemini-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 746ffb5d26ec0c2beb4033b4f6c4859ebbc33a46b29f81cce2bc4daf1967c915 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-enceladus-lint-staged-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae1829f498555d59bca2416201d75d19048908b4c7785ebcd0735c275c15140 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140167 Malicious code in buffer-pavo-europa-gravity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 511fadca6bcdd76abc46c84433dda6cdbb8f5941abba97253a8acf6946b7cb32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144448 Malicious code in lint-staged-carpo-webdriver-mocha-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b8e050df62b8e9d79261093ea9636c346dfafd383a4b7cf736e5cdd571aac4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-await-nightwatch-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599b02ee33e0ca172ba387eb8fee06d5bd917b1b51bf2136c37300c417901fd7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rehype-orbit-yildun-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d493e8fda77dc1418c68e0b5c3ddc494015c5b69c056b5cfb9f768378af0f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in update-await-uninstall-testcafe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71c2279fe5109fedbf05ed0de8e7a13f3135c71fca750b79602f5366b373ebbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in andromeda-public-zenobia-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9af88250587b9710fe2bf5b9df038ec1fbf544a4f938671d0632e9b4f6f5b41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avior-materialize-arcturus-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16a0abe30ecfd362bbf43ba3c31f8f5360240afaf776b1fd268c9fe69ee0e198 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-chai-deneb-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd9fb6478dd3638f00e16753a5839c017c4696e62a8cb64c5dbf9b7518f59cd8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in betelgeuse-betelgeuse-unuk-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dff0b97626e4ee33992315c9e755a79a6adc496b3debbe0e513225029979621 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bulma-nextjs-playwright-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 563051be1ab409d07dbe8c4deb9edbe396b53845dc3747bb1007c2a25abb8578 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callback-pyxis-jovian-ora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa53b34e729ba1f6e545e5585d0583cdaf20a1f246348f2cf4bbd3d8b8117e4c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centauri-chakra-ui-upgrade-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c97d1732e08f808b9dd9c74b462e75c996c7be35f851bb79e18d0eb37147d24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centaurus-bootstrap-callback-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7969750400aaf0b8947f7695420d28f460891a0d6b84261f1405f84b7010400 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in commitlint-antares-chariklo-bunyan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b721512cc47a4a37613f305324a66d29cc423e0fbfe0d78155a8aa93f41bd14f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cosmos-commitizen-quito-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d396766edb0e28e3c059fe2e8744a122fa7919dcec485819019662e51aa0af36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cressida-vuepress-nconf-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3fad2a7701e8e70e72d43cee4ad37b3a44e2bbbc521f2696eaf92805c68b54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dependencies-rimraf-local-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 054b2d956edf01f7319f62c077101349cd5044afb5c88bc418ae0072e0c3a095 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dynamo-magellan-standard-dorado (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0e6537f0509af7748578bf409c68509f2a78dd654ab1e5524a808f98d675ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...