MAL-2025-187293 Malicious code in hawkingradiation-jupiter-morgan-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bec805e2509a0ad2d0b56982f75be5e9577f71ed213846605475b8cfc1064bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188742 Malicious code in playwright-dotenv-parse-variables-parcel-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26879ce998b4d9b600336074c9192fff930a75ab32ce0d905c45dc8f8edc2942 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187728 Malicious code in leda-cassini-dactyl-mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2202684f09a6fade6cdc2675dfccee158706ef464f4837c0be92ef6e5793e07 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189972 Malicious code in transhumanism-blueshift-thuban-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42d67c23d5b5afa24d365f038dfc900460ad6920968cb7725c1ff6a31a5a2172 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189397 Malicious code in secure-old-deploy-resolve-encode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd40e8463e8ef60e60e2f721f62d52e42e5b10ad7481073017d47ad4d0616fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rocket-jest-astrophysics-speleology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca197e20e95dbee979d38927d9d26ca5234dae33e996d5f4ebb63ed864c4329b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in enum-interface-grep-reject-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9747adeee551e390a70f8a76ee111fb487d01e20f50b884d50ee6cbe5e0d4f3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in augmentedreality-mesosphere-style-loader-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c1d853c7a12b620222d28136b0607993451c0a2b585bdb1e76a0f9f242509ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eventhoriz-native-planckscale-cosmochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1da3fc7db81f4f6607a2fbdcf5a7717de5cc4c1f1f869bb3a677def9b158df3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in global-eridanus-yakutsk-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049486c85c0e3eaa7064b02722bfb18e40ddc060886b0de61d8e5f4aaaa669f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in inquirer-flare-sass-loader-tectonic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9ac73491da4c0bbc3063c9fee7d300beb6e658c1d0164abc26edafd86238d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in radioastronomy-mongoose-inquirer-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b90a3ad43fd3d17f857f0d6f4fe80c069a4b11b70c9356b9193d840d067320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in remark-deneb-radiant-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84ca8dc561feea70ef2e90e453769a98158249192e0d45e16a69561f1949de01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in test-janus-eslint-config-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec79023492b97711616187adb7b16741d7d4baf291a1de140a8c20060aa9f434 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in neptunology-gravity-start-interferometry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8e13aeeedf63928df41a9d4049871f5d598588d838eb4f63aa053aa0c350a1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tectonophysics-farout-cordelia-darkenergy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bf5bcf2afab2b331136836c91d71ee1f886593553e406a307a1708222d4af10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prosthetics-leda-mantle-deimos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02ccf110939f33fbfa2672f6cba59b7579228e554de159d0d913b20d0526171 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chromedriver-hyperion-isostasy-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bba21800fecd9e38da48ea31cc273e421e261933c1367a9330955505b5dcb97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in levels-paleoecology-blackhole-abiogenesis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbfa25e7c0ebb5bec1894df67b378e78bfce051ef245093997e8f3dcabbd246a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-staged-lint-staged-auth-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03253bd76fedc24d55504b970d032ee47ad508a341ba8a5531490b0b9ae15ee3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...