MAL-2025-188596 Malicious code in pegasus-kinetic-betelgeuse-selenium (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1eeb701dbb42b94c86f002ac002aff1581d8e3f416669abce192f22f0f377d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189723 Malicious code in subscription-jsonp-metabolomics-hawkingradiation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73b99ac4b6d1f2920c9cfeb64b32caaef526384c1277eb268f9495396666671b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dependencies-dynamo-optimize-css-assets-webpack-plugin-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56b88c2d2b382ffb9df5c83d2623b4d0be3b8e53cf60c14ef812d31a57ce193e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centauri-protractor-biosignature-supernova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 739d1638844b716e95db11ffdb4027dd1942b8a1b956ef4531dcf9888bd02986 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in init-venus-sync-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b6e40d812a9363fa5f719d89f8033b005cc387fbeadb50dac11ca6fcd9ba44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleomagnetism-process-rigel-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 806c222b404c6835419bb2dc3e3292a0bfea544dc0e55b7579ef348d91329803 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in visualize-object-xml-long-sigma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2adad1da1eb5a45ee27e59a75a9b902cf303eabc80616c3b102fbddc15b14ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in oberon-geochronology-yakutsk-neuromorphic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb3db91f52b9d0f558875d7af6fd1852b71e2ca085a84a3956c3fcefdf06c5fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sadr-nodemon-cosmology-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde5e4eff09a33f1389f7b207284fef123917e01d69344dae811a66121796ebe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in graphql-elektra-triton-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f32d98eba6cf6a31eff8d8c5f67b0544f7ea9333a54ebdc237767280fcbcf553 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in metabolomics-steganography-palynology-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94bdfca8a1b6545c0a7b689ad4e40447c83ebe94404a409df4c47f8aee747aba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in materialize-cache-neptune-cosmogenic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ce0c130492aae3151f1a9569559e73ddc5670f78a3a142e9f6824e03610e1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jovian-postgres-webdriver-mocha-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ecf3fd1d508e4debb89f36a79eb6c7ac29572b4b9404eb582a72f90583c8daf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-stylelint-got-cosmos-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 191ad1021c21de2e4d2aff52918a87b8c01692e87e5d7d02fa1dd71a2f77ed88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in airbnb-titan-pavo-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb1598783b15eca6936335df4a84a0344e4d4d3e714804992c93e368d3a8cf3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in geodynamo-stop-hexo-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eca0a2915c66dd42a7b4e7dd744b1a10f4f2a0085b8213be501a8ef39cde5d35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deneb-iota-xenos-celeste (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5941dde5e83d9b49e44d62dcbb8338de71a05426727f9aa5813f9c325464ff78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-quasarjet-winston-superflare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c17b561d80c863f9bd0531b8d955cb3377270c369a97139220b80e1e2a1e9424 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cordelia-solis-markdown-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a190c5cc853c9375209877f18132eca1a00d888440a8dfbc5980ec1c3e3bbc8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in postgres-soap-apex-vortex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b86a98a2d226d8686f0c0bfd665e59b9bb161862d45d5139f58b48ca662cedd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...