MAL-2025-142884 Malicious code in geckodriver-taurus-foundation-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c037b0b5e3cf10f1a69bbb0603617df035d7e565a5da2277b4ee9e340e269e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147973 Malicious code in sirius-resolvers-pm2-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b5cbb1e0e4935676cf3ee3d871ea76f06f61c680035426f909d71303cc289f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146323 Malicious code in polaris-arcturus-global-warp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56f7b2439427c477eb2eebd3e69cf7473ac0d7f57323a76a547aca39daa75e03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149258 Malicious code in vulcan-umbriel-jovian-radiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07d06f26e3082cb1c1ae58325b21f22029f52104bff9713f2a6c644765e77df0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141423 Malicious code in cz-conventional-changelog-kastra-rollup-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38e9525cff2d4f497c1e161782ad3e5478832085c188b7182639221632cc9fee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147290 Malicious code in request-cordelia-cypress-spica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e66fb1c730dec97f29ade6b1d6795405786d119efa2bdade8c8b96b568991474 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142330 Malicious code in event-transform-electron-builder-draco (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ee0ce5601f068a49bf40ce75803158592a2ac0584f58eab0e797b2ca8f76259 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143702 Malicious code in io-node-config-rate-limiter-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 930c2a4eb6c0a881eb361c86511cd96aead7d8a166d8915012d34c8a2e936537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144425 Malicious code in link-solis-promise-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89f3c59989ecc8eae4a83da38af7837d57dde9a10c501c636c5a57588afabd2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139628 Malicious code in async-json-metalsmith-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3de2ede2b17ab92f94ebfb9bc3a04946b83f63dcaaa1578e8dfc673d1438ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141827 Malicious code in dynamo-jwt-figures-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfd3975230bea9be10d63c55ca1aad40d879ee3f650bf54db20e9824353ae13c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142153 Malicious code in eridanus-nightwatch-draco-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 897faea076021827c61bfaaf49e286cca7ae17bae43b9fff7e94eb35c29e8b52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140552 Malicious code in centaurus-rimraf-install-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a20fc42722644aab92bd2ddc6bca3420470cac4cf0326c16962a9a81849fad0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146372 Malicious code in polaris-stop-build-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a373d1a5eb1fb842a336b3d3996d1ff50d85dbdbcf45ce246eec4e06c9cda3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148413 Malicious code in sync-adonis-rate-limiter-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5dc33b4b091bc26ce6cac112f885cbde0319831f4fd7aebc4e645088bf967f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149691 Malicious code in xenos-thuban-resolvers-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c87583f813bf3b289010d2d1fe63c705d1c7b1a54fd57decd0f17f40b0c5d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143848 Malicious code in jasmine-carpo-scorpius-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d0e478b82bd4c6989f3b5401fe834e59f45fd9f764b88f40b4aad9210d51eb6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145294 Malicious code in native-quito-venus-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22cd3182705b88c0e14381b43792c9118b4bafb5d433ada79eafddb31bd3afa5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139254 Malicious code in airbnb-gacrux-concurrently-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f902fe71cb86fc56849ea755fcc2c4cb1b0f2d2b8b5e2ba0e79f9a3113e4a17c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in narrow_goose_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e70a40f34ac270e32d345abe4cf6f6faeffad82b24fe6c6f9731a29532fcad56 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...