MAL-2025-189270 Malicious code in rollup-plugin-firebase-geochronology-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52e0281ce62a32de1725eb603807b7890d11f596aecd42507b277a31497e925c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178893

Malicious code in firebase-ganymede-registry-async npm...

Malicious code in taurus-firebase-vuepress-uninstall (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94862ebe9cae28f48cd6ac9cdaacc12665f8dca0ecbb5426490c1fdc6f2693f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179892

Malicious code in callisto-hyperion-norma-firebase npm...

EUVD-2025-178890

Malicious code in firebase-postgres-gammarayburst-mutation npm...

Malicious code in betelgeuse-cassini-lyra-firebase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceaa53a75ecaa03edd7aa29ab318da2007e7edc0328de4c86c5f8b43089add6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179463

Malicious code in css-minimizer-webpack-plugin-firebase-corvus-supernova npm...

Malicious code in eris-duplex-firebase-eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 915b388b7f76911b853fb6047f3e4f4e11e927e0aa88842e90a0790a39b30f5e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-122071

Malicious code in semantic-ui-link-firebase-bunyan npm...

EUVD-2025-113937

Malicious code in eris-firebase-uglify-js-csrf npm...

EUVD-2025-123842

Malicious code in perseus-cosmiconfig-firebase-quark npm...

Malicious code in jekyll-jasmine-firebase-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cdbb37bda77e42c09b559a883ef4a07bdfb334392fffb8017a7f5a85f82803a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-121575

Malicious code in subscription-betelgeuse-firebase-nconf npm...

EUVD-2025-124487

Malicious code in nightmare-envconfig-nestjs-firebase npm...

EUVD-2025-120066

Malicious code in zenobia-elara-mongoose-firebase npm...

EUVD-2025-124766

Malicious code in mongoose-firebase-local-uglify-js npm...

EUVD-2025-112272

Malicious code in janus-wezen-firebase-xanthus npm...

EUVD-2025-120795

Malicious code in version-firebase-yildun-terser-webpack-plugin npm...

MAL-2025-143144 Malicious code in halley-grunt-firebase-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec5e454e8b008901ff203e87ca9d360f5d4997b95763ed04d15c985c2691ac69 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142503 Malicious code in firebase-meissa-loopback-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88272abc19fe27fd8fe14abf6c2687fd476bd7824effb94ab1db41c7704d3038 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...