MAL-2025-185729 Malicious code in bad-alert-long-container-mu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d6513c98d72ad1bdbdce3ec34a2d8da4e0b671dfcabae5f29fe5adebfbc0de6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in function-fast-error-private-orchestrate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c9981a842603cf507c7d999a60dadff6bc66540d629ab5b9de39196574c5d0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nightwatch-procyon-stream-docusaurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e497e4e46a9d7a57d90c0c65f94d4cbb5d2a38b38ddbc06eec016cc45c40b6e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in passport-deimos-isostasy-izar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c50fc22d47ee88f31e9929566ac91e5175399fdb5f383bf0b9612abb971d1ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nightmare-version-levels-mui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a297fae66d552bead526aba85b7fe7db06f9336bc28adb7ec24729c055c79c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in upsilon-fork-pi-index-emulate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76974f55a567f0b9b70350fd1ba445bbdfefa6a623c5d9e10626436c7b19827b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in extremophile-ophiuchus-rollup-plugin-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d5814aeadd2075aafefcfdf7e08fa80138940a6d61e92b031d99103d60885e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in void-cassini-thermosphere-cosmicsilence (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40d4ba453816a13301206fa5ce0d185840b92860d050bfe09f03edf00a9323cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in oscillation-leda-warp-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4034a7c18a9c9766f734ef16d4eadac9e3d3574d8910068cacc02e37e741318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in firebase-ganymede-registry-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 110bf147f478aeca2501ed4ea4b9701c21692ba23560b2d3f5234b657b5b721e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meteor-fermiparadox-pino-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4475a2700a3887c2ee6f081004405d01e2a1578c2ef22298f54d0b30c7a1993 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pi-quick-cron-book-compile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdf44e489d6db17c47113c34f0e8b7584c52a1b98fc559ea0dbd9fb498ae230f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sass-loader-fornax-passport-geoarchaeology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bfd62a356a0fe396589416121a7f7bc96b02b42ac69778ec8d6e9d3ba645016 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transpile-pi-cron-secure-double (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f79464e911dab89a693fca3631620c93984804f8b4a48f7c6061aadb4d7620a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sirius-registry-webpack-quasar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c310c475846e8ee5e7c18a1b32e566c7929067fa02791639c37510e9d7820c0f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in despina-kastra-forever-supervisor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3c8f509d760595decb8b8160722db2226da87c070b5e751910271123bd7fd94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in html-webpack-plugin-atlas-global-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76c400c13c978ef6cec8cf7e638527ede28cbd33c8bdda65e4c91e8e97c489e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in semantic-release-aether-buffer-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ef5dd537b321d8fe283fd48cc1202163ccbfdacb0405c484311db90efcf6451 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in heka-antares-vulcan-commitizen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41c307536c58204cd3b17873413e4c2936eb8555c5cc85cafc399332a5578418 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cryonics-jest-tachyon-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e3e71ab2321b00d0c7b701888c94349c5ce8a4bee2d5dd85f7edf844271d669 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...