MAL-2025-100607 Malicious code in close_marten_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65ffe0bdd52550aa550744f08b70681cbeb2ae587720ae39ef9630a8bde53248 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in frozen_bovid_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a70832d71072ba74f84dcf52ac0074e5acff96a186dc4aded9df6545cd4d2f18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in handsome_tern_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6241f743de16c3c49b3a31b63c07f013689875da7116130aeccb9fde699c2a63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stable_mackerel_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f427e8d127b6249a7bab6a75daee520d707af415d578b245ea2fb4f5a932c793 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bored_asp_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11715e0c2aaefcc99755eb2ff7d1c2f55ff68c89ba7927f24120200a33c803d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in critical_tick_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45d0cbef880acfd714da7e50bdd764451c7982bf1d445da80baa1c1f9acb79ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in darren-teadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f01a871b06ca5806173567d7ea18bfa769a2c2aa2a7a0974c571008c6a887ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gay_yak_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5df19e5697218adf560f43b534deeeb43ccbc38a422588d37cb87c5e9edea526 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in minimum_cuckoo_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01253461b45579fba5690c2f8d708378de3f744131a82ff4635c0d8a101b82d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in uncertain_clam_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07ce9d0b8ff5547d6cc4214df4201e1d919ea188689af97c8b16cb17d679cbd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in upset_shark_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 692e102c30c182bc77656924832810352d2bc25a641148bb53320f3da4e69119 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in violent_thrush_replicate_automation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6355897f93b32f836f8c2e09509d66b5d5a16cc47fc32fa6e61ec0b4604f9429 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yearning_cod_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39b4f52763034d3d616c5832130259aa8456139a1686c7aaa379e7a4d1d3e6cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yielding_parakeet_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8deeff508511d242ade3c77871ad3301453b1121137f48e4403910f915284206 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in juicy_leopon_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c45eabd69c65ab43677e47e9e4f30d1e1b8c780eafc6c16c02a2bb1ed23223bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magic_vicuna_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c32976075a23b7625a34c3023525bf40f06831f237e305ec4e07ba115abf56f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in roasted_dingo_replicate_automation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dd56af15e1b037b7bb622586c83f695f07ed3f4dd08a56e29d0cb9b2b69a66b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in internal_gopher_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0b7c98d5a9d740c1c3745b4baed2bc1d038bc67857c44aae93e593716ac3ac2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in administrative_lark_replicate_automation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c972ac231690e458947de1aabd655ba0d43a3b95922afb04c6e7fc3a67688d7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-109230 Malicious code in subjective_pelican_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f49718175fce0d04a4cbb3050902bb8455d80cdbaeed7a54e48b37a1950d2e0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...