MAL-2025-188676 Malicious code in phoebe-sagitta-cosmiconfig-got (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef0e13ea76237699131190626c9abb30663026fbd8636c42b98e42d5707324a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187298 Malicious code in hawkingradiation-volcanology-npm-delphinus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae30186c272ce2ebecaa6dab45b7ac36c848a48135232810939cf76480942ea4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187372 Malicious code in html-webpack-plugin-atlas-global-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76c400c13c978ef6cec8cf7e638527ede28cbd33c8bdda65e4c91e8e97c489e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189741 Malicious code in superagent-planckscale-prettier-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fca005387f6cae31e007b8f9b1d5e146cfcca77b5b5758630e77c134eed57fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189315 Malicious code in sagitta-jest-orbit-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97d53a4bd4227f567dec059a9f2b201e3dfe39d01c0295bb6b17cd914e8e4d7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189620 Malicious code in speleology-phenomic-nova-resonance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0964688b47d97de3d008dd858b6c40cbbefa462b69aed624467438e4722a340c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186228 Malicious code in command-blazar-node-config-phylogenetics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df133bbe3175b2b97814f29bb869e45de21dc1dea9644a52e44a5a7ca1c80f1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in panspermia-seismology-yildun-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e927520f20267093119cf7131661336e17c154be2ed667440613331992e1154b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in configstore-mongoose-interferometry-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f133636e2272bb0b65af2b3b6e3d879ea3d585e9545d7aef5b0a04e987ed663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lepton-husky-phenomic-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc8e5f8a7b80fc50583741a5d4fe7563cb8ec3706c4e734dffb7de609c501073 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in authenticate-array-cluster-mock-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad84b36cde33af206233558b2f96f5182a2836be13c44e5c3ee34f9e9e69a6a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in byte-root-test-kappa-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9828a39584b83c1b225e4838169006453b25472c92126df3386cf377a7da123f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xo-sequelize-thermochronology-resonance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e182fb3819c16f6cc287c32a13afaf3df0329fb225a9f3c84ac6513d88660bb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in process-simulate-parse-integer-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6f595e875d8be76b910f8b5812d7c40c89b52395acb636de9b3c68cd19dc6f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in resolvers-forever-mongoose-multiverse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb698e9521d3e4b25725566a6542fa166e4dbf4f9e61de34e643fbe4eb435770 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in borealis-hercules-ora-lyra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9629f8a43475f540dbda3704d798a24991f7120a96a82ddb110b11d79e356e1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transport-xanadu-delphinus-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beb9f2ccb9d5c8590e1737a03651014399d524be681aa954a7567bf8f1ab7a93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190477 Malicious code in zeta-beta-secure-secure-load (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93a5c435de2671bef333672da04229cac813381b0a6af0485bceb971f387c84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190369 Malicious code in xenon-comet-xo-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 052d305986eaac09c0a7186bb66c0d5c0c3ab65f1a3b1b59a8649f2412ade857 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186933 Malicious code in extremophile-geochemistry-dendrochronology-ursa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bea310cfefb66f08a96c3188538369447bd04612535e404ae87469b672b6668c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...